{"id":"CVE-2025-62220","details":"Heap-based buffer overflow in Windows Subsystem for Linux GUI allows an unauthorized attacker to execute code over a network.","modified":"2026-03-13T03:40:40.963795Z","published":"2025-11-11T18:15:49.730Z","references":[{"type":"ADVISORY","url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62220"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/microsoft/wsl","events":[{"introduced":"0"},{"fixed":"c7aad6161166d330099cc48ceab7ee158b8225a2"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.6.2"}]}}],"versions":["0.47.1","0.48.2","0.50.2","0.51.0","0.51.2","0.51.3","0.56.1","0.56.2","0.58.0","0.58.1","0.58.3","0.60.0","0.61.4","0.61.5","0.61.8","0.64.0","0.65.1","0.65.2","0.65.3","0.66.2","0.67.6","0.68.2","0.68.4","0.70.0","0.70.4","0.70.5","0.70.8","1.0.0","1.0.1","1.0.3","1.1.0","1.1.2","1.1.3","1.1.5","1.1.6","1.1.7","1.2.0","1.2.1","1.2.2","1.2.3","1.2.4","1.2.5","1.3.10","1.3.11","1.3.14","1.3.15","1.3.17","2.0.0","2.0.1","2.0.11","2.0.12","2.0.14","2.0.15","2.0.2","2.0.3","2.0.4","2.0.5","2.0.6","2.0.7","2.0.8","2.0.9","2.1.0","2.1.1","2.1.3","2.1.4","2.1.5","2.2.1","2.2.2","2.2.3","2.2.4","2.3.11","2.3.12","2.3.13","2.3.14","2.3.17","2.3.21","2.3.22","2.3.24","2.3.25","2.3.26","2.4.10","2.4.11","2.4.12","2.4.13","2.4.4","2.4.5","2.4.8","2.4.9","2.5.1","2.5.10","2.5.4","2.5.6","2.5.7","2.5.8","2.5.9","2.6.0","2.6.1"],"database_specific":{"vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["325260112266255820907638633481867496274","278978057703698540117331948953354976166","255972096160573848082827421773441524159","214507080324027795293368854443401876418","45670267098719440328689890808257496952","97297921131179832929351130237301619413","291301400567921000747765956509303636946"]},"deprecated":false,"target":{"file":"src/windows/common/socket.hpp"},"source":"https://github.com/microsoft/wsl/commit/c7aad6161166d330099cc48ceab7ee158b8225a2","id":"CVE-2025-62220-1a1d6625","signature_version":"v1","signature_type":"Line"},{"digest":{"length":229,"function_hash":"161325191873113544642999238830788524213"},"deprecated":false,"target":{"file":"src/windows/common/hvsocket.cpp","function":"wsl::windows::common::hvsocket::Accept"},"source":"https://github.com/microsoft/wsl/commit/c7aad6161166d330099cc48ceab7ee158b8225a2","id":"CVE-2025-62220-1a560b3d","signature_version":"v1","signature_type":"Function"},{"digest":{"threshold":0.9,"line_hashes":["72512558004035156838942277023125315915","315978245901331039322319570588100884056","110992001706490276773809764421439896114","193154009352787627504636212085149298967","61636267813817423781751731678355624317","41617228964185154673918457559757541275","79357654960451419441088647985368608721"]},"deprecated":false,"target":{"file":"src/shared/inc/stringshared.h"},"source":"https://github.com/microsoft/wsl/commit/c7aad6161166d330099cc48ceab7ee158b8225a2","id":"CVE-2025-62220-1c246cd4","signature_version":"v1","signature_type":"Line"},{"digest":{"threshold":0.9,"line_hashes":["292549554225262505216354688006669037456","200070876296166481216026882368481734169","120403186559250847106016665660944635495","232947661715265257663978279115801458182","166370943468207917423468841311639412406"]},"deprecated":false,"target":{"file":"src/windows/common/hvsocket.hpp"},"source":"https://github.com/microsoft/wsl/commit/c7aad6161166d330099cc48ceab7ee158b8225a2","id":"CVE-2025-62220-1ea87c56","signature_version":"v1","signature_type":"Line"},{"digest":{"threshold":0.9,"line_hashes":["113519407820687700164053499244219659908","295777406726917962611521684352602091462","12964101256193789696219295733526309360","64607301630211382530430846826030444407","195029756259319914427522077180231511953","124108239971073343465771881128965729554"]},"deprecated":false,"target":{"file":"src/windows/service/exe/WslCoreVm.cpp"},"source":"https://github.com/microsoft/wsl/commit/c7aad6161166d330099cc48ceab7ee158b8225a2","id":"CVE-2025-62220-4568ed73","signature_version":"v1","signature_type":"Line"},{"digest":{"threshold":0.9,"line_hashes":["117506291921393263099091123111288411985","96602094459029580607434578360302965412","186055437591352852915837183080830209516","129363385705570144849935017987844186038"]},"deprecated":false,"target":{"file":"src/windows/service/exe/WslCoreVm.h"},"source":"https://github.com/microsoft/wsl/commit/c7aad6161166d330099cc48ceab7ee158b8225a2","id":"CVE-2025-62220-4bc7f30d","signature_version":"v1","signature_type":"Line"},{"digest":{"threshold":0.9,"line_hashes":["278222343083447102180607335122750848947","251493784328618037331123174778648913534","36124032973140933763232994387495457291","65902972934241666831442166538764947541","153682248270081643625189938337866815773","48786117829119282679726908000602260518","49713476590270596281305560891087008541","54422253841306184182896726835027955570","232752598002020181113162976251103272961","192518315674599520840219123802797563026","95482253623473497566605721661296250374","308595344192067570928281322066068748285","212013498998653628894588390358131164893","301741217733551116251290974603865410256","115814229496039477780492126355576338377","207345051314485888865691715404457241165","256450144118801399354526017613125307757","122067888729153824069040413826499618834","252793803100991648672286360176132414594","152321523479257340200346582169064597043","33472465026225507699658279667704549770","166873578068029993888894767421509928077","67083625614914221829168865764918832794","141757629222725390434051315650775633614","209323795870123139205579530947413798717","285678407417000073067467034282648844698","292714056018313412885384548920299498316","189783259735380980672308885806329820691","137747654041465305489919727248302411179","97364897608672661286825067668344484868","53774864501736015475697179388230777622","12694994913939994438296925079600758235","304110776151974169875584628403282221699","50165153140797068511913985922573339887","170265093214089663405424632478351708106","55093286865504168929114323734070490513","203412106958797436649513154108497608233","247379017815794145592044833383099739608","98021468962936930432228931581703556831","108557277504451327940049263107143288431","270355633799730316849641892333085957551","144395526946635653246408611681702132237","141482139587139924974117310515454614386","199629737702017172897216330431914257978","174722378971609456753575935520388951521","193560359277813827549982348768611372549","235451094036832993631529801958458979723","174121198774766940938586724329959235940","236970746601863198130430185973713338735","326915061654451179459518471503898862587"]},"deprecated":false,"target":{"file":"src/windows/common/socket.cpp"},"source":"https://github.com/microsoft/wsl/commit/c7aad6161166d330099cc48ceab7ee158b8225a2","id":"CVE-2025-62220-79bb0f95","signature_version":"v1","signature_type":"Line"},{"digest":{"threshold":0.9,"line_hashes":["203311393147405397451179656790896738635","108008640365253487025492315385515662170","76327385080367215699675546551582117316","35103982762157518128975422617358683942","73223915427589049833264461380172656705","104031111029764787931797029334926455415","210836674095244731288777184783576948313","299572471082739547099455188145958402956"]},"deprecated":false,"target":{"file":"src/linux/init/util.h"},"source":"https://github.com/microsoft/wsl/commit/c7aad6161166d330099cc48ceab7ee158b8225a2","id":"CVE-2025-62220-9802787f","signature_version":"v1","signature_type":"Line"},{"digest":{"threshold":0.9,"line_hashes":["257426445257352482058061277336162910073","113136170720521748228912433314690100606","79462941908161851131482497787942902556","226539180600460796755742763381886402479","142726582728406362370363329647039976218","55133595245600552060386118150595572889","75731935303892789022964438592681553160","83498991994989963164145387737813827977","192273519253536642950740714587309675729","17913517684854701648924908289901099397","172068078066077934206958172834003478878","309188227823029316560819759050238599115","22930354180950702134534862695740625139","174962746788427366180781868564352658883","283310186518704788916904751203994075640","147675826932138612904028184210150000074","217559804952573823376049506705657304109","187273448401474483346419443729941720952"]},"deprecated":false,"target":{"file":"src/windows/common/hvsocket.cpp"},"source":"https://github.com/microsoft/wsl/commit/c7aad6161166d330099cc48ceab7ee158b8225a2","id":"CVE-2025-62220-c176714b","signature_version":"v1","signature_type":"Line"},{"digest":{"length":407,"function_hash":"27777882150857048033454365409176528689"},"deprecated":false,"target":{"file":"src/windows/common/socket.cpp","function":"wsl::windows::common::socket::Receive"},"source":"https://github.com/microsoft/wsl/commit/c7aad6161166d330099cc48ceab7ee158b8225a2","id":"CVE-2025-62220-c32340e0","signature_version":"v1","signature_type":"Function"},{"digest":{"length":684,"function_hash":"34637315909379151350259066692444516697"},"deprecated":false,"target":{"file":"src/windows/common/socket.cpp","function":"wsl::windows::common::socket::Accept"},"source":"https://github.com/microsoft/wsl/commit/c7aad6161166d330099cc48ceab7ee158b8225a2","id":"CVE-2025-62220-c9233d3b","signature_version":"v1","signature_type":"Function"},{"digest":{"threshold":0.9,"line_hashes":["196435720522121300640483836592410268993","59865069944751815247198277906087319149","286830347365472719587921028908037146066","334360871119253691687176315783106713364","10296289349541900431984954978089678362","231929692093772071624672319739289056338","237687643536540330536919573861288462169","146806813551017948088751018402613983975","310046400705789194421595554747372701579","186066641104066084888064362119320148745","171629888594295364166982981218775404250","240964874913545975802188989432459495665","274543123685303986415859618216674529694","157167324105609206575123387984980588861","212018271738033324008136672458423159791","34696358523199703126039191148677437851","339757916930000199219457044214022857091","103109779046015925322773565398945723726","186518462285973660447976477531418845815","87990723223691459832242662048266327981","167995038110613885192803122309174482122","217121819088177149720253085553632395201","230096921174263020735166311184567358802","242522580255562209894619417568014861056","305888390716309882279792246611777824237"]},"deprecated":false,"target":{"file":"src/linux/init/util.cpp"},"source":"https://github.com/microsoft/wsl/commit/c7aad6161166d330099cc48ceab7ee158b8225a2","id":"CVE-2025-62220-caa1415d","signature_version":"v1","signature_type":"Line"},{"digest":{"length":382,"function_hash":"65499261369361904743776380245889056520"},"deprecated":false,"target":{"file":"src/windows/service/exe/WslCoreVm.cpp","function":"WslCoreVm::AcceptConnection"},"source":"https://github.com/microsoft/wsl/commit/c7aad6161166d330099cc48ceab7ee158b8225a2","id":"CVE-2025-62220-ee85195d","signature_version":"v1","signature_type":"Function"},{"digest":{"length":1187,"function_hash":"11796347808882673444904593850409805481"},"deprecated":false,"target":{"file":"src/windows/common/socket.cpp","function":"wsl::windows::common::socket::GetResult"},"source":"https://github.com/microsoft/wsl/commit/c7aad6161166d330099cc48ceab7ee158b8225a2","id":"CVE-2025-62220-fee32aa4","signature_version":"v1","signature_type":"Function"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62220.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}