CVE-2025-69194
BaseFortify
Publication date: 2026-01-09
Last updated on: 2026-03-05
Assigner: Fedora Project
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gnu | wget2 | to 2.2.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in GNU Wget2 occurs because the software does not properly validate file paths provided in Metalink <file name> elements. An attacker can exploit this by supplying malicious filenames containing directory traversal sequences or absolute paths, allowing them to write files to unintended locations on the victim's system without authentication. [1]
How can this vulnerability impact me? :
The vulnerability can lead to data loss by allowing attackers to create, truncate, or overwrite arbitrary files writable by the user. It can also potentially enable further compromise of the user's environment, including code execution, by overwriting configuration or startup files that the user executes. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can involve checking for the presence of vulnerable versions of GNU Wget2 on your system. Since the vulnerability involves improper handling of Metalink <file name> elements leading to arbitrary file writes, monitoring for unusual file creation or modification events, especially those involving directory traversal patterns, may help. Specific commands include verifying the wget2 version installed (e.g., `wget2 --version`), and scanning logs or filesystem for unexpected file writes or changes. However, no explicit detection commands are provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating GNU Wget2 to a version that patches this vulnerability. Avoid processing untrusted Metalink documents with wget2 until an update is applied. Additionally, restrict user permissions to limit the impact of arbitrary file writes, and monitor for suspicious activity related to wget2 usage. [1]