CVE-2025-62220

High

Published: 11 November 2025

Published

11 November 2025

Modified

14 November 2025

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score 0.0006 18.3th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may exploit software vulnerabilities in client applications to execute code.

Security Summary

CVE-2025-62220 is a heap-based buffer overflow vulnerability, classified under CWE-122, affecting the Windows Subsystem for Linux GUI. Published on 2025-11-11T18:15:49.730, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

An unauthorized attacker can exploit this vulnerability over a network with low attack complexity and no required privileges, though user interaction is necessary. Successful exploitation allows arbitrary code execution, granting high levels of confidentiality, integrity, and availability impact on the affected system.

The Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62220 provides guidance on mitigations and patches for this vulnerability.

Details

CWE(s): CWE-122

Affected Products

microsoft

windows subsystem for linux

≤ 2.6.2

MITRE ATT&CK Enterprise Techniques

T1203 Exploitation for Client Execution Execution

Adversaries may exploit software vulnerabilities in client applications to execute code.

attack.mitre.org →

Why these techniques?

The heap-based buffer overflow in Windows Subsystem for Linux GUI enables arbitrary code execution via client-side exploitation requiring user interaction (UI:R), directly mapping to T1203: Exploitation for Client Execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62220
Vendor Advisory · secure@microsoft.com