Microsoft Windows Subsystem For Linux — known CVE vulnerabilities
Every CVE whose affected-product data names Microsoft Windows Subsystem For Linux, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2025-62220 — CVSS 8.8 (high): Heap-based buffer overflow in Windows Subsystem for Linux GUI allows an unauthorized attacker to execute code over a network.
CVE-2025-53788 — CVSS 7.0 (high): Time-of-check time-of-use (toctou) race condition in Windows Subsystem for Linux allows an authorized attacker to elevate privileges…