CVE-2025-69194

Name
CVE-2025-69194
Description
A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink <file name> elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially allow further compromise of the user’s environment.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
vdb-entry https://access.redhat.com/security/cve/CVE-2025-69194
issue-tracking https://bugzilla.redhat.com/show_bug.cgi?id=2425773

Match rules

CPE URI Source package Min version Max version
shopxo >= 0 <= 2.2.0
shopxo == 2.2.1 == 2.2.1
cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:* wget >= None < 2.2.1
cpe:2.3:a:gnu:wget2:*:*:*:*:*:*:*:* wget2 >= None < 2.2.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
wget2 edge-community 2.2.0-r1 Celeste <cielesti@protonmail.com> possibly vulnerable
wget2 edge-community 2.2.0-r0 Carlo Landmeter <clandmeter@alpinelinux.org> possibly vulnerable
wget2 3.23-community 2.2.0-r1 Celeste <cielesti@protonmail.com> possibly vulnerable
wget edge-main 1.25.0-r3 Jingyun Hua <huajingyun@loongson.cn> possibly vulnerable
wget edge-main 1.25.0-r2 Celeste <cielesti@protonmail.com> possibly vulnerable
wget edge-main 1.25.0-r1 Carlo Landmeter <clandmeter@alpinelinux.org> possibly vulnerable
wget edge-main 1.25.0-r0 Carlo Landmeter <clandmeter@alpinelinux.org> possibly vulnerable
wget edge-main 1.20.3-r0 None possibly vulnerable
wget edge-main 1.20.1-r0 None possibly vulnerable
wget edge-main 1.19.5-r0 None possibly vulnerable
wget edge-main 1.19.2-r0 None possibly vulnerable
wget edge-main 1.19.1-r1 None possibly vulnerable
wget 3.23-main 1.25.0-r2 Celeste <cielesti@protonmail.com> possibly vulnerable
wget 3.22-main 1.25.0-r1 Carlo Landmeter <clandmeter@alpinelinux.org> possibly vulnerable
wget 3.22-main 1.25.0-r0 None possibly vulnerable
wget 3.22-main 1.20.3-r0 None possibly vulnerable
wget 3.22-main 1.20.1-r0 None possibly vulnerable
wget 3.22-main 1.19.5-r0 None possibly vulnerable
wget 3.22-main 1.19.2-r0 None possibly vulnerable
wget 3.22-main 1.19.1-r1 None possibly vulnerable
wget 3.21-main 1.25.0-r0 Carlo Landmeter <clandmeter@alpinelinux.org> possibly vulnerable
wget 3.21-main 1.20.3-r0 None possibly vulnerable
wget 3.21-main 1.20.1-r0 None possibly vulnerable
wget 3.21-main 1.19.5-r0 None possibly vulnerable
wget 3.21-main 1.19.2-r0 None possibly vulnerable
wget 3.21-main 1.19.1-r1 None possibly vulnerable
wget 3.20-main 1.24.5-r0 Carlo Landmeter <clandmeter@alpinelinux.org> possibly vulnerable
wget 3.20-main 1.20.3-r0 None possibly vulnerable
wget 3.20-main 1.20.1-r0 None possibly vulnerable
wget 3.20-main 1.19.5-r0 None possibly vulnerable
wget 3.20-main 1.19.2-r0 None possibly vulnerable
wget 3.20-main 1.19.1-r1 None possibly vulnerable
wget 3.19-main 1.21.4-r0 Carlo Landmeter <clandmeter@alpinelinux.org> possibly vulnerable
wget 3.19-main 1.20.3-r0 None possibly vulnerable
wget 3.19-main 1.20.1-r0 None possibly vulnerable
wget 3.19-main 1.19.5-r0 None possibly vulnerable
wget 3.19-main 1.19.2-r0 None possibly vulnerable
wget 3.19-main 1.19.1-r1 None possibly vulnerable