CVE-2025-65199: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Windscribe Windscribe for Linux Desktop App
A command injection vulnerability exists in Windscribe for Linux Desktop App that allows a local user who is a member of the windscribe group to execute arbitrary commands as root via the 'adapterName' parameter of the 'changeMTU' function. Fixed in Windscribe v2.18.3-alpha and v2.18.8.
AI Analysis
Technical Summary
CVE-2025-65199 is an OS command injection vulnerability classified under CWE-78, affecting the Windscribe Linux Desktop App, specifically version 2.10.1. The flaw exists in the 'changeMTU' function, where the 'adapterName' parameter is improperly sanitized, allowing a local user who is a member of the 'windscribe' group to inject arbitrary OS commands. Because the application executes these commands with root privileges, successful exploitation results in full system compromise. The vulnerability requires local access and group membership, but no additional user interaction, making it a privilege escalation vector. The CVSS v3.1 score is 7.8 (high), reflecting the ease of exploitation with low attack complexity and the severe impact on confidentiality, integrity, and availability. The vulnerability was publicly disclosed on December 10, 2025, and fixed in Windscribe versions 2.18.3-alpha and 2.18.8. No known exploits have been reported in the wild, but the potential for abuse is significant given the root-level command execution capability. The flaw highlights the importance of proper input validation and sanitization in security-sensitive functions, especially those running with elevated privileges.
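The following is an added illustration, not Windscribe's code: it shows the CWE-78 pattern the summary describes (an adapter name interpolated into a command run as root) beside a hardened form that allow-lists the interface name, range-checks the MTU, and execs a fixed argv without any shell. The `ip link` invocation and the helper names are assumptions chosen for the example.

```cpp
// Added example (not Windscribe's code): the CWE-78 pattern CVE-2025-65199
// describes, an interface name interpolated into a root shell command, beside
// a hardened form that validates the name and execs without a shell.
#include <string>
#include <vector>
#include <cctype>
#include <unistd.h>
#include <sys/wait.h>

// Linux interface names are at most IFNAMSIZ-1 (15) bytes and may not be
// empty or contain '/' or whitespace; this allow-list check is stricter still.
bool isValidAdapterName(const std::string& name) {
    if (name.empty() || name.size() > 15) return false;
    if (name == "." || name == "..") return false;
    for (unsigned char c : name) {
        if (!(std::isalnum(c) || c == '-' || c == '_' || c == '.')) return false;
    }
    return true;
}

// VULNERABLE pattern (assumed, for illustration): adapterName reaches a shell
// unquoted, so any shell metacharacter in it changes what runs as root.
std::string buildMtuShellCommand(const std::string& adapterName, int mtu) {
    return "ip link set dev " + adapterName + " mtu " + std::to_string(mtu);
}

// HARDENED: fixed argv, no shell, name validated, MTU range-checked.
// Returns the argv that would be executed, or an empty vector on rejection.
std::vector<std::string> buildMtuArgv(const std::string& adapterName, int mtu) {
    if (!isValidAdapterName(adapterName)) return {};
    if (mtu < 68 || mtu > 65535) return {};
    return {"/usr/sbin/ip", "link", "set", "dev", adapterName, "mtu", std::to_string(mtu)};
}

// Executes argv directly via execv (no /bin/sh); returns the child's exit code.
int runArgv(const std::vector<std::string>& argv) {
    if (argv.empty()) return -1;
    std::vector<char*> cargv;
    for (const auto& a : argv) cargv.push_back(const_cast<char*>(a.c_str()));
    cargv.push_back(nullptr);
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { execv(cargv[0], cargv.data()); _exit(127); }
    int status = 0;
    waitpid(pid, &status, 0);
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Running `runArgv(buildMtuArgv("tun0", 1400))` as root would set the MTU; with a name containing metacharacters it never reaches `execv` at all.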
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially to those using Windscribe Linux clients for secure communications or privacy. Exploitation could lead to complete system compromise, allowing attackers to access sensitive data, disrupt services, or use the compromised system as a foothold for lateral movement within networks. The requirement for local access and group membership limits remote exploitation, but insider threats or compromised user accounts could leverage this vulnerability. Organizations relying on Linux endpoints for critical operations or handling sensitive information could face data breaches, operational disruptions, and reputational damage. Additionally, the root-level access gained could bypass many security controls, making detection and remediation more difficult. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits post-disclosure.
Mitigation Recommendations
Organizations should immediately upgrade affected Windscribe Linux Desktop App installations to versions 2.18.3-alpha or 2.18.8 or later. Until patching is complete, restrict membership of the 'windscribe' group to trusted administrators only, minimizing the number of users who can exploit this vulnerability. Implement strict access controls and monitor group membership changes. Employ host-based intrusion detection systems (HIDS) to detect anomalous command executions or privilege escalations. Conduct regular audits of Linux endpoints to identify outdated Windscribe versions. Consider disabling or uninstalling Windscribe on Linux systems where it is not essential. Additionally, enforce the principle of least privilege for all users and services to reduce the attack surface. Educate users about the risks of local privilege escalation vulnerabilities and encourage prompt reporting of suspicious activities.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: cisa-cg
- Date Reserved: 2025-11-18T07:05:42.386Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6939ba1ffe7b3954b68b96e0
Added to database: 12/10/2025, 6:21:19 PM
Last enriched: 12/10/2025, 6:36:06 PM
Last updated: 12/11/2025, 6:41:10 AM