CVE-2025-69195

A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. A remote attacker can exploit this by providing a specially crafted URL, which, upon user interaction with wget2, can lead to memory corruption. This can cause the application to crash and potentially allow for further malicious activities.

CVSS v3 7.6 HIGH

7.6^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2025-69195	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2425770	Issue Tracking Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:wget2:*:*:*:*:*:*:*:*

History

05 Mar 2026, 20:12

Type	Values Removed	Values Added
CPE		cpe:2.3:a:gnu:wget2::::::::
First Time		Gnu wget2 Gnu
References	~~() https://access.redhat.com/security/cve/CVE-2025-69195 -~~	() https://access.redhat.com/security/cve/CVE-2025-69195 - Third Party Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2425770 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2425770 - Issue Tracking, Third Party Advisory

09 Jan 2026, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-09 08:15

Updated : 2026-03-05 20:12

NVD link : CVE-2025-69195

Mitre link : CVE-2025-69195

CVE.ORG link : CVE-2025-69195

JSON object : View

Products Affected

gnu

wget2

CWE

CWE-121

Stack-based Buffer Overflow

{"id": "CVE-2025-69195", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "patrick@puiterwijk.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 4.7, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2026-01-09T08:15:58.147", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-69195", "tags": ["Third Party Advisory"], "source": "patrick@puiterwijk.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425770", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "patrick@puiterwijk.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "patrick@puiterwijk.org", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. A remote attacker can exploit this by providing a specially crafted URL, which, upon user interaction with wget2, can lead to memory corruption. This can cause the application to crash and potentially allow for further malicious activities."}], "lastModified": "2026-03-05T20:12:29.377", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnu:wget2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82FE97C3-E963-4A87-8C4B-761F5BDA7E72", "versionEndExcluding": "2.2.1", "versionStartIncluding": "2.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "patrick@puiterwijk.org"}