DEBIAN-CVE-2025-69194

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2025-69194

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-69194.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2025-69194

Upstream

CVE-2025-69194

Published

2026-01-09T08:15:57.980Z

Modified

2026-01-19T08:18:39.393257Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink <file name> elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially allow further compromise of the user’s environment.

References

https://security-tracker.debian.org/tracker/CVE-2025-69194

Affected packages

Debian:11 / wget2

Package

Name: wget2
Purl: pkg:deb/debian/wget2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.99.1-2.2

2.*

2.1.0-1

2.1.0-2

2.1.0-2.1~exp1

2.1.0-2.1

2.1.0-3

2.1.0-4

2.1.0-5

2.2.0+ds-1~exp1

2.2.0+ds-1~exp2

2.2.0+ds-1~exp3

2.2.0+ds-1

2.2.0+ds-2

2.2.0+ds-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-69194.json"

Debian:12 / wget2

Package

Name: wget2
Purl: pkg:deb/debian/wget2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.99.1-2.2

2.*

2.1.0-1

2.1.0-2

2.1.0-2.1~exp1

2.1.0-2.1

2.1.0-3

2.1.0-4

2.1.0-5

2.2.0+ds-1~exp1

2.2.0+ds-1~exp2

2.2.0+ds-1~exp3

2.2.0+ds-1

2.2.0+ds-2

2.2.0+ds-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-69194.json"

Debian:13 / wget2

Package

Name: wget2
Purl: pkg:deb/debian/wget2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.0+ds-1

2.2.0+ds-2

2.2.0+ds-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-69194.json"

Debian:14 / wget2

Package

Name: wget2
Purl: pkg:deb/debian/wget2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.0+ds-3

Affected versions

2.*

2.2.0+ds-1

2.2.0+ds-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-69194.json"