CVE-2025-69195
BaseFortify
Publication date: 2026-01-09
Last updated on: 2026-03-05
Assigner: Fedora Project
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gnu | wget2 | From 2.1.0 (inc) to 2.2.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a stack-based buffer overflow in GNU Wget2's filename sanitization logic. It occurs when wget2 processes attacker-controlled URL paths while filename restriction options are enabled. The flaw causes wget2 to write beyond a fixed 1024-byte stack buffer due to missing bounds checks, leading to memory corruption. An attacker can exploit this remotely by providing specially crafted URLs, and the exploit requires user interaction to invoke wget2. [1]
How can this vulnerability impact me?
Exploitation of this vulnerability can cause wget2 to crash and potentially allow further malicious activities such as remote code execution or system compromise. Since it affects all Linux systems running vulnerable versions of wget2, it can lead to denial of service or unauthorized actions on affected systems. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can involve monitoring for wget2 usage with URLs containing suspicious or unusually long path components, especially when filename restriction options like --restrict-file-names are used. Since the vulnerability triggers on specially crafted URL paths, inspecting wget2 command invocations for such options and analyzing logs for crashes or abnormal terminations of wget2 may help. Specific commands could include checking running wget2 processes and their arguments (e.g., using 'ps aux | grep wget2') and reviewing system logs for wget2 crashes. However, no explicit detection commands are provided in the available resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of wget2 with filename restriction options such as --restrict-file-names=windows, unix, or ascii until a patched version is available. Additionally, refrain from interacting with untrusted or suspicious URLs that could trigger the vulnerability. Applying any available security updates or patches for wget2 from your Linux distribution is recommended once released. [1]
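The two answers above (detection and mitigation) boil down to two local checks: is the installed wget2 inside the affected range listed in the table (2.1.0 inclusive to 2.2.1 exclusive), and are there wget2 invocations on the host that use a filename-restriction option. The POSIX shell script below is an added example written for this page; it is not code from BaseFortify, the Fedora Project or GNU Wget2. It assumes that `wget2 --version` prints a dotted version number on its first line, and the `SAMPLE_PS` lines it scans are constructed, not captured from a real system.

```shell
#!/bin/sh
# Added example for CVE-2025-69195 (not from the page or from GNU Wget2):
# defender-side checks that follow the Q&A's detection and mitigation advice.
#
# Assumptions (not stated on the page):
#   - `wget2 --version` prints a dotted version number on its first line.
#   - The affected range is the page's table entry: 2.1.0 (inc) to 2.2.1 (exc).

# Turn "MAJOR.MINOR.PATCH" into a sortable integer; missing fields count as 0.
version_key() {
    oldifs=$IFS
    IFS=.
    set -- $1
    IFS=$oldifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# Classify a wget2 version string against the affected range.
# Prints one of: affected | not-affected | unknown
wget2_version_status() {
    v=$1
    if ! printf '%s\n' "$v" | grep -Eq '^[0-9]+(\.[0-9]+){0,2}$'; then
        echo unknown
        return 0
    fi
    key=$(version_key "$v")
    lo=$(version_key 2.1.0)   # inclusive lower bound from the page's table
    hi=$(version_key 2.2.1)   # exclusive upper bound from the page's table
    if [ "$key" -ge "$lo" ] && [ "$key" -lt "$hi" ]; then
        echo affected
    else
        echo not-affected
    fi
}

# Report the installed wget2 (if any) against the affected range.
# Prints one of: not-installed | affected | not-affected | unknown
installed_wget2_status() {
    if ! command -v wget2 >/dev/null 2>&1; then
        echo not-installed
        return 0
    fi
    # Assumption: a dotted version appears on the first line of --version output.
    v=$(wget2 --version 2>/dev/null | head -n 1 | grep -oE '[0-9]+(\.[0-9]+){1,2}' | head -n 1)
    wget2_version_status "${v:-}"
}

# Flag a captured command line that runs wget2 with a filename-restriction
# option, the pre-condition the Q&A names for reaching the overflow.
# Prints one of: risky | ok
wget2_invocation_status() {
    case "$1" in
        *wget2*--restrict-file-names*) echo risky ;;
        *) echo ok ;;
    esac
}

# Count risky wget2 invocations in a block of ps-style lines read from stdin.
count_risky_invocations() {
    n=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        if [ "$(wget2_invocation_status "$line")" = risky ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Constructed sample of `ps -eo pid,args`-style output (not real captured data).
SAMPLE_PS='
 4711 wget2 --restrict-file-names=windows https://example.invalid/a/b
 4712 wget2 https://example.invalid/plain
 4713 sshd: alice [priv]
'

echo "installed wget2 status: $(installed_wget2_status)"
echo "risky wget2 invocations in sample: $(printf '%s\n' "$SAMPLE_PS" | count_risky_invocations)"
```

For a live host, replace the constructed sample with `ps -eo pid,args | count_risky_invocations`; an `affected` result from `installed_wget2_status` means the mitigation in the answer above applies (avoid `--restrict-file-names` until the distribution ships a fixed package).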