AZL-73901

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-73901.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-73901

Upstream

CVE-2025-69194

Published

2026-01-09T08:15:57Z

Modified

2026-04-21T04:34:01.478447Z

Summary

CVE-2025-69194 affecting package wget for versions less than 2.1.0-7

Details

A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink <file name> elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially allow further compromise of the user’s environment.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-69194

Affected packages

Azure Linux:3 / wget

Package

Name: wget
Purl: pkg:rpm/azure-linux/wget

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.0-7

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-73901.json"