Critical GNU Wget2 Flaw Lets Remote Attackers Over
A critical flaw has been identified in GNU Wget2, a widely used command-line utility for web file downloads.
The flaw, tracked as CVE-2025-69194, allows remote attackers to overwrite arbitrary files on a victim’s system, potentially leading to data loss or complete system compromise.
The vulnerability stems from improper validation of file paths in Metalink documents processed by Wget2. Metalink is a format that describes download locations and file checksums.
Attackers can craft malicious Metalink files containing path traversal sequences that trick Wget2 into writing files to unintended locations on the filesystem.
When a user downloads and processes a weaponized Metalink document, the application fails to sanitize the file paths in the metadata correctly.
| Field | Details |
|---|---|
| CVE ID | CVE-2025-69194 |
| Severity | Important / High |
| CVSS Score | 8.8 |
| Weakness | CWE-22: Path Traversal |
This allows an attacker to specify arbitrary locations where files should be written, limited only by the permissions of the user running wget2.
According to the Common Weakness Enumeration (CWE-22), this path traversal flaw can have multiple severe consequences.
Attackers may overwrite critical system files, programs, or libraries used for code execution. They could modify security configuration files to bypass authentication mechanisms or create backdoor accounts.
In some scenarios, attackers may read sensitive files by directing wget2 to copy them to accessible locations. Red Hat has classified this vulnerability as Important severity, noting that while it requires user interaction to process the malicious Metalink file, exploitation can realistically lead to local code execution or data corruption.
The vulnerability can also be used to cause denial of service by corrupting or deleting essential system files. Currently, no complete mitigation is available that meets enterprise deployment standards.
Users should avoid processing Metalink files from untrusted sources and monitor for security updates from the GNU Wget2 project.
Organizations should assess their exposure and implement network-level controls to limit potential exploitation until patches become widely available.
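Until a fixed build is deployed, Metalink documents can be screened before they are handed to wget2. The script below is an added example, not code from the GNU Wget2 project or its fix: it parses a Metalink document and reports every `<file name="...">` entry whose name is absolute or contains a parent-directory component. The function names, the sample document and the strict "reject any `..` component" rule are assumptions of this example.

```python
import xml.etree.ElementTree as ET  # for hostile input, a hardened parser such as defusedxml is preferable

# Constructed sample: one benign entry and three whose names leave the download directory.
SAMPLE = """<metalink xmlns="urn:ietf:params:xml:ns:metalink">
  <file name="release/tool-1.0.tar.gz"><url>https://example.org/tool-1.0.tar.gz</url></file>
  <file name="../../outside.txt"><url>https://example.org/a</url></file>
  <file name="/tmp/absolute.txt"><url>https://example.org/b</url></file>
  <file name="docs\\..\\..\\outside.txt"><url>https://example.org/c</url></file>
</metalink>"""


def unsafe_reason(name):
    """Return why a Metalink file name is unsafe, or None if it stays inside the target directory."""
    if not name:
        return "empty name"
    if "\x00" in name:
        return "NUL byte"
    unified = name.replace("\\", "/")  # treat Windows separators as separators too
    if unified.startswith("/") or (len(unified) > 1 and unified[1] == ":"):
        return "absolute path"
    if ".." in unified.split("/"):
        return "parent-directory component"
    return None


def audit_metalink(xml_text):
    """Return (name, reason) for every <file> entry whose name could escape the download directory."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        # Match <file> in any namespace: Metalink 3 and Metalink 4 use different ones.
        if elem.tag.rsplit("}", 1)[-1] == "file":
            name = elem.get("name", "")
            reason = unsafe_reason(name)
            if reason:
                findings.append((name, reason))
    return findings


if __name__ == "__main__":
    for name, reason in audit_metalink(SAMPLE):
        print(f"UNSAFE {name!r}: {reason}")
```

A document with any finding should be rejected outright rather than "cleaned", since a rewritten name no longer matches what the publisher described.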