← volver
CVE-2025-69195

Wget2: gnu wget2: memory corruption and crash via filename sanitization logic with attacker-controlled urls

CVSS 7.6 HIGHEPSS 0.3%CWE-121
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.6EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
09 ene 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. A remote attacker can exploit this by providing a specially crafted URL, which, upon user interaction with wget2, can lead to memory corruption. This can cause the application to crash and potentially allow for further malicious activities.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
Productos afectados
wget2