CVE-2025-69195

EUVD-2026-1777

09.01.2026, 08:15

A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. A remote attacker can exploit this by providing a specially crafted URL, which, upon user interaction with wget2, can lead to memory corruption. This can cause the application to crash and potentially allow for further malicious activities.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.6 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
gnu	wget2	2.1.0 ≤ 𝑥 < 2.2.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

wget2

bookworm	1.99.1-2.2 fixed
bullseye	1.99.1-2.2 fixed
forky	2.2.0+ds-3 fixed
sid	2.2.0+ds-3 fixed
trixie	2.2.0+ds-1+deb13u1 fixed

Common Weakness Enumeration

CWE-121 - Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

References

https://access.redhat.com/security/cve/CVE-2025-69195

https://bugzilla.redhat.com/show_bug.cgi?id=2425770