CNNVD-202512-1823 Information

CNNVD ID

CNNVD-202512-1823

Related CVE

CVE-2025-65199

• CNNVD Published: 2025-12-10

Description (Chinese)

Windscribe Desktop Application是Windscribe开源的一个VPN软件。 Windscribe Desktop Application 2.18.3-alpha之前版本和2.18.8之前版本存在安全漏洞，该漏洞源于changeMTU函数中adapterName参数存在命令注入，可能导致本地用户执行任意命令。

Description (English)

Windscribe Desktop Application is an open source VPN software for Windows. There is a security loophole in the previous version of Windscribe Desktop Application 2.183-alpha and the previous version of 2.18.8, which stems from the existence of command injections of the dapterName parameter in the ChangeMTU function, which may lead local users to perform arbitrary commands.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Windscribe

Published

2025-12-10

Last Modified

2026-02-24

References

https://github.com/Windscribe/Desktop-App https://github.com/Windscribe/Desktop-App/compare/v2.18.2…v2.18.3?diff=unified&w#diff-57e27ab201a1a612609087b839e03bf87a5a063ffcc3f465a6245469bc102754 https://github.com/Windscribe/Desktop-App/compare/v2.18.2…v2.18.3?diff=unified&w#diff-cfc5df17057ed92112ae70a42c81c57c79f434429210ff881fb0771cf8e39b4c https://hackingbydoing.wixsite.com/hackingbydoing/post/windscribe-vpn-local-privilege-escalation https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-343-01.json https://www.cve.org/CVERecord?id=CVE-2025-65199