CVE-2025-65199: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Windscribe Windscribe for Linux Desktop App
A command injection vulnerability exists in Windscribe for Linux Desktop App that allows a local user who is a member of the windscribe group to execute arbitrary commands as root via the 'adapterName' parameter of the 'changeMTU' function. Fixed in Windscribe v2.18.3-alpha and v2.18.8.
AI Analysis
Technical Summary
CVE-2025-65199 is an OS command injection vulnerability classified under CWE-78 found in the Windscribe for Linux Desktop App, specifically version 2.10.1. The vulnerability arises from improper neutralization of special elements in the 'adapterName' parameter of the 'changeMTU' function, which is used to modify the Maximum Transmission Unit setting of a network interface. A local attacker who is a member of the 'windscribe' group can exploit this flaw to inject arbitrary OS commands that are executed with root privileges. This occurs because the input passed to the 'changeMTU' function is not properly sanitized before being used in system-level command execution, allowing command chaining or injection. The vulnerability does not require user interaction, but it does require the attacker to have local access and membership in the windscribe group, which is typically granted to users who manage or use the Windscribe VPN client. The impact is severe: it compromises confidentiality, integrity, and availability by enabling full root-level control over the affected system. The vendor has addressed this issue in versions 2.18.3-alpha and 2.18.8 by implementing proper input validation and sanitization. No public exploits have been reported yet, but the vulnerability's characteristics make it a critical concern for environments where Windscribe Linux clients are deployed.
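The defect class described above, shown as an added illustration rather than Windscribe's own code: a caller-supplied adapter name spliced into a shell command string, beside a hardened form that validates the name against Linux interface naming rules, bounds the MTU, and passes arguments as an argv list with no shell. Function and constant names are assumptions for the example.

```python
import os
import re
import subprocess

# Linux interface names are at most 15 bytes (IFNAMSIZ 16 incl. NUL), may not
# contain '/' or whitespace, and may not be "." or "..". Allowlist that shape.
IFNAME_RE = re.compile(r"^[A-Za-z0-9_.:-]{1,15}$")
MTU_MIN, MTU_MAX = 68, 65535  # IPv4 minimum and 16-bit upper bound


def vulnerable_change_mtu_command(adapter_name: str, mtu: int) -> str:
    """CWE-78 pattern: the name becomes part of shell syntax if run via shell=True."""
    return f"ip link set dev {adapter_name} mtu {mtu}"


def validate_adapter_name(adapter_name: str) -> str:
    """Reject anything that is not a well-formed interface name (no metacharacters)."""
    if adapter_name in (".", "..") or not IFNAME_RE.fullmatch(adapter_name):
        raise ValueError(f"invalid interface name: {adapter_name!r}")
    return adapter_name


def validate_mtu(mtu) -> int:
    """Accept only an integer inside the sane MTU range."""
    mtu = int(mtu)
    if not MTU_MIN <= mtu <= MTU_MAX:
        raise ValueError(f"MTU out of range: {mtu}")
    return mtu


def adapter_exists(adapter_name: str) -> bool:
    """Optional stronger check: the validated name must be a real interface.
    Validation above already excludes '/', so no path traversal is possible here."""
    return os.path.isdir(os.path.join("/sys/class/net", validate_adapter_name(adapter_name)))


def safe_change_mtu_argv(adapter_name, mtu) -> list[str]:
    """Hardened form: validated inputs, argv list, never interpreted by a shell."""
    return ["ip", "link", "set", "dev", validate_adapter_name(adapter_name),
            "mtu", str(validate_mtu(mtu))]


def change_mtu(adapter_name, mtu) -> int:
    """Run ip(8) without a shell and return its exit status (needs privileges)."""
    return subprocess.run(safe_change_mtu_argv(adapter_name, mtu), check=False).returncode
```

A privileged helper should additionally require `adapter_exists()` to be true, so only interfaces the system actually has can be named by an unprivileged caller.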
Potential Impact
For European organizations, this vulnerability poses a significant risk due to the potential for local privilege escalation to root, enabling attackers to execute arbitrary commands, install malware, or disrupt services. Organizations using Windscribe on Linux endpoints, particularly in development, research, or privacy-focused sectors, could face data breaches, system compromise, or operational downtime. The threat is heightened in environments where multiple users share systems or where the windscribe group membership is not tightly controlled. Given the VPN client’s role in securing communications, exploitation could also undermine network security by allowing attackers to manipulate or intercept VPN traffic. The lack of known exploits in the wild currently reduces immediate risk, but the vulnerability’s ease of exploitation and high impact necessitate prompt remediation to prevent future attacks.
Mitigation Recommendations
1. Upgrade all Windscribe for Linux Desktop App installations to version 2.18.3-alpha or later, or 2.18.8 or later, where the vulnerability is patched.
2. Audit and restrict membership of the 'windscribe' group to only trusted and necessary users to minimize the attack surface.
3. Implement strict local access controls and monitoring to detect unauthorized attempts to exploit the vulnerability.
4. Employ application whitelisting and endpoint detection and response (EDR) solutions to identify anomalous command execution patterns.
5. Educate system administrators and users about the risks of privilege escalation vulnerabilities and the importance of applying security updates promptly.
6. Consider isolating VPN client usage to dedicated systems or containers to limit potential lateral movement in case of compromise.
Affected Countries
Germany, France, Netherlands, United Kingdom, Sweden, Finland
Technical Details
- Data Version: 5.2
- Assigner Short Name: cisa-cg
- Date Reserved: 2025-11-18T07:05:42.386Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6939ba1ffe7b3954b68b96e0
Added to database: 12/10/2025, 6:21:19 PM
Last enriched: 12/19/2025, 4:17:55 AM
Last updated: 2/5/2026, 10:55:12 AM