Unrated severityNVD Advisory· Published Jan 9, 2026· Updated Feb 26, 2026
Wget2: arbitrary file write via metalink path traversal in gnu wget2
CVE-2025-69194
Description
A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially allow further compromise of the user’s environment.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- osv-coords2 versionspkg:rpm/opensuse/wget2&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/wget2&distro=openSUSE%20Tumbleweed
< 2.2.1-bp160.1.1+ 1 more
- (no CPE)range: < 2.2.1-bp160.1.1
- (no CPE)range: < 2.2.1-1.1
Patches
Vulnerability mechanics
References
2- access.redhat.com/security/cve/CVE-2025-69194mitrevdb-entryx_refsource_REDHAT
- bugzilla.redhat.com/show_bug.cgimitreissue-trackingx_refsource_REDHAT
News mentions
0No linked articles in our index yet.