GNU Wget2 Arbitrary File Overwrite Vulnerability

EXECUTIVE SUMMARY

A critical path traversal vulnerability in GNU Wget2 (CVE-2025-69194) allows attackers to overwrite arbitrary files via malicious Metalink files, posing a high risk of data loss and system compromise.

  • CVE ID: CVE-2025-69194
  • Active Region: Global
  • Affected Sector: Information Technology / Software Development / DevOps
  • Affected Product: GNU Wget2
  • Severity: High
  • CVSS: 8.8
  • Published Date: January 5, 2026

TECHNICAL DETAILS

  • Target: Linux and Unix-like systems using GNU Wget2, particularly servers and automated environments such as scripts and CI/CD pipelines with write access to sensitive directories.
  • Root Cause: Improper validation and normalization of file paths in Metalink processing, allowing path traversal sequences (such as ../) to bypass directory restrictions and write files to unintended locations on the filesystem.
  • Prerequisite For Exploitation: Exploitation requires a user or automated……
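
An added example, not taken from the advisory or from the Wget2 project: a pre-flight check that a script or pipeline could run on a Metalink v4 document to reject file names that would land outside the download directory, which is the validation the root cause above describes as missing. The sample document, its file names and the function names are constructed for illustration.

```python
import os
import xml.etree.ElementTree as ET

NS = "{urn:ietf:params:xml:ns:metalink}"  # Metalink v4 namespace

# Constructed sample: one benign entry, three that point outside the download directory.
SAMPLE = """<metalink xmlns="urn:ietf:params:xml:ns:metalink">
  <file name="pkg/tool-1.0.tar.gz"><url>https://mirror.example/tool.tar.gz</url></file>
  <file name="../../outside.txt"><url>https://mirror.example/a</url></file>
  <file name="/tmp/absolute.txt"><url>https://mirror.example/b</url></file>
  <file name="docs/../../escape.txt"><url>https://mirror.example/c</url></file>
</metalink>"""


def unsafe_reason(name):
    """Return why a Metalink file name must be rejected, or None if it looks safe."""
    if not name:
        return "empty name"
    if name.startswith("/"):
        return "absolute path"
    if ".." in name.split("/"):
        return "parent-directory component"
    return None


def audit_metalink(xml_text, download_dir):
    """Return [(name, reason)] for each <file> entry that must not be written."""
    base = os.path.realpath(download_dir)
    findings = []
    for node in ET.fromstring(xml_text).iter(NS + "file"):
        name = node.get("name", "")
        reason = unsafe_reason(name)
        if reason is None:
            # Defence in depth: resolve symlinks, then confirm containment in base.
            target = os.path.realpath(os.path.join(base, name))
            if os.path.commonpath([base, target]) != base:
                reason = "resolves outside download directory"
        if reason:
            findings.append((name, reason))
    return findings


if __name__ == "__main__":
    for name, reason in audit_metalink(SAMPLE, "downloads"):
        print(f"REJECT {name!r}: {reason}")
```

The lexical check is deliberately conservative: it rejects any name containing a `..` component, even one that would normalize to a path inside the download directory.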
