CVE-2025-69195

7.6 HIGH

📋 TL;DR

A stack-based buffer overflow vulnerability in GNU Wget2's filename sanitization logic allows remote attackers to trigger memory corruption via specially crafted URLs. This can cause application crashes and potentially enable arbitrary code execution. Users and systems running vulnerable versions of Wget2 are affected when processing untrusted URLs.

💻 Affected Systems

Products:
  • GNU Wget2
Versions: All versions prior to the patched release (specific version TBD from vendor advisory)
Operating Systems: Linux, Unix-like systems, Windows (if compiled from source)
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability is triggered when filename restriction options are active and attacker-controlled URLs are processed.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full system compromise, data theft, or lateral movement within the network.

🟠

Likely Case

Application crash (denial of service) with potential for limited code execution depending on exploit sophistication.

🟢

If Mitigated

Application crash with no further impact if exploit attempts are blocked or fail.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction (running wget2 against a malicious URL) and a specific filename restriction configuration.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched version

Vendor Advisory: https://access.redhat.com/security/cve/CVE-2025-69195

Restart Required: No

Instructions:

1. Check current wget2 version: wget2 --version
2. Update via package manager: sudo apt update && sudo apt upgrade wget2 (Debian/Ubuntu) OR sudo yum update wget2 (RHEL/CentOS)
3. Verify update: wget2 --version

🔧 Temporary Workarounds

Disable filename restriction options (applies to: all)

Avoid using --restrict-file-names or similar options that trigger the vulnerable code path.

Avoid using: wget2 --restrict-file-names=nocontrol ...

Use URL filtering (applies to: all)

Implement network filtering to block suspicious URLs containing path manipulation patterns.

🧯 If You Can't Patch

  • Restrict wget2 usage to trusted sources only through policy controls
  • Monitor for crash logs and unusual wget2 process behavior

🔍 How to Verify

Check if Vulnerable:

Confirm whether the installed wget2 version is older than the patched release and whether --restrict-file-names options are in use.

Check Version:

wget2 --version | head -1

Verify Fix Applied:

Confirm that the wget2 version has been updated to the patched release and test with known safe URLs.

📡 Detection & Monitoring

Log Indicators:

  • Wget2 crash logs (segmentation faults)
  • Unusual command-line arguments with long URL paths

Network Indicators:

  • Outbound connections to suspicious URLs with complex path structures

SIEM Query:

process.name:"wget2" AND (event.action:"segmentation fault" OR cmdline:"--restrict-file-names")
