2425773 – (CVE-2025-69194) CVE-2025-69194 wget2: Arbitrary File Write via Metalink Path Traversal in GNU Wget2

Bug 2425773 (CVE-2025-69194) - CVE-2025-69194 wget2: Arbitrary File Write via Metalink Path Traversal in GNU Wget2

Summary: CVE-2025-69194 wget2: Arbitrary File Write via Metalink Path Traversal in GNU...

Keywords:
Status:	NEW
Alias:	CVE-2025-69194
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2425779 2425780 2425781 2425782 2425783
Blocks:
TreeView+	depends on / blocked

Reported:	2025-12-29 14:15 UTC by OSIDB Bzimport
Modified:	2025-12-29 14:36 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-12-29 14:15:14 UTC

Path traversal vulnerability in the Metalink processing logic of GNU Wget2. The issue arises when wget2 trusts attacker-supplied <file name> values in Metalink v3/v4 documents without proper sanitization. By specifying traversal sequences or absolute paths, an attacker can cause wget2 to create, truncate, or overwrite arbitrary files writable by the victim user. The vulnerability is remotely exploitable, requires no authentication, and can lead to data loss or potential code execution by overwriting user-executed configuration or startup files.

Note You need to log in before you can comment on or make changes to this bug.