Cyber Posture

CVE-2025-69195

Severity: High
Published: 09 January 2026
Modified: 05 March 2026
KEV Added
Patch
CVSS Score: 7.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H)
EPSS Score: 0.0011 (29.4th percentile)
Risk Priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. A remote attacker can exploit this by providing a specially crafted URL, which, upon user interaction with wget2, can lead to memory corruption. This can cause the application to crash and potentially allow for further malicious activities.

Mitigating Controls (NIST 800-53 r5) (AI-generated)

Prevent: SI-2 mandates identification, reporting, and timely patching of system flaws such as this stack-based buffer overflow in GNU Wget2, directly preventing exploitation.

Prevent: SI-16 enforces memory protections such as stack guards, DEP, and ASLR that mitigate attempts to turn a stack buffer overflow into exploitable memory corruption.

Detect: RA-5 requires vulnerability scanning to detect the presence of CVE-2025-69195 in GNU Wget2 deployments, facilitating proactive flaw remediation.

Security Summary (AI-generated)

CVE-2025-69195 is a stack-based buffer overflow vulnerability (CWE-121) in GNU Wget2, occurring in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. Published on 2026-01-09, it allows memory corruption upon user interaction with wget2 processing a malicious URL.

A remote attacker with no privileges can exploit this vulnerability over the network with low complexity by providing a specially crafted URL. Exploitation requires user interaction, such as executing wget2 on the URL, which triggers the buffer overflow leading to memory corruption. This can cause the application to crash (high availability impact) and potentially enable limited confidentiality and integrity impacts, as reflected in the CVSS v3.1 base score of 7.6 (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H).

Red Hat advisories provide further details on this issue, including potential patches and mitigation guidance, at https://access.redhat.com/security/cve/CVE-2025-69195 and the Bugzilla tracker entry https://bugzilla.redhat.com/show_bug.cgi?id=2425770.

Details

CWE(s): CWE-121 (Stack-based Buffer Overflow)

Affected Products: gnu wget2, versions 2.1.0 through 2.2.1

MITRE ATT&CK Enterprise Techniques (AI-generated)

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Stack-based buffer overflow in client tool GNU Wget2, exploitable via malicious URL with user interaction, directly enables exploitation for client execution (T1203).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
