CVE-2025-69194

HIGH

GNU Wget2 - Path Traversal

Title source: llm

Description

A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink <file name> elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially allow further compromise of the user’s environment.

Exploits (1)

nomisec WORKING POC 1 stars

by secdongle · poc

https://github.com/secdongle/POC_CVE-2025-69194

View Code ZIP pw:eip

References (2)

[Vendor Advisory] https://access.redhat.com/security/cve/CVE-2025-69194

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=2425773

Scores

CVSS v3 8.8

EPSS 0.0002

EPSS Percentile 5.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-22

Status published

Affected Products (1)

gnu/wget2 < 2.2.1

Timeline

Published Jan 09, 2026

Tracked Since Feb 18, 2026