Wget2: arbitrary file write via metalink path traversal in gnu wget2

...

MGASA-2026-0002 Updated wget2 packages fix security vulnerability

Arbitrary File Write via Metalink Path Traversal in GNU Wget2. CVE-2025-69194...

AZL-73904 CVE-2025-69195 affecting package wget for versions less than 2.1.0-7

A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. A remote attacker can exploit this by providing a specially crafted...

CVE-2025-69195

A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. A remote attacker can exploit this by providing a specially crafted...

CVE-2025-69195

A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. A remote attacker can exploit this by providing a specially crafted...

CVE-2025-69194

A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially...

Exploit for CVE-2025-69194

CVE-2025-69194: GNU Wget2 Path Traversal Vulnerability 📝 D...

wget2/wget_options_fuzzer: Stack-buffer-overflow in _compare_tag

Project: https://gitlab.com/gnuwget/wget2.git Detailed report: https://oss-fuzz.com/testcase?key=5670699290591232 Project: wget2 Fuzzer: libFuzzerwget2wgetoptionsfuzzer Fuzz target binary: wgetoptionsfuzzer Job Type: libfuzzerasanwget2 Platform Id: linux Crash Type: Stack-buffer-overflow READ 8...