DEBIAN-CVE-2025-69195

Source
https://security-tracker.debian.org/tracker/CVE-2025-69195
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-69195.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2025-69195
Upstream
  • CVE-2025-69195
Published
2026-01-09T08:15:58.147Z
Modified
2026-01-19T08:19:15.995838Z
Severity
  • 7.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
Summary
[none]
Details

A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. A remote attacker can exploit this by providing a specially crafted URL, which, upon user interaction with wget2, can lead to memory corruption. This can cause the application to crash and potentially allow for further malicious activities.

References

Affected packages

Debian:13 / wget2

Package

Name
wget2
Purl
pkg:deb/debian/wget2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*
2.2.0+ds-1
2.2.0+ds-2
2.2.0+ds-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-69195.json"

Debian:14 / wget2

Package

Name
wget2
Purl
pkg:deb/debian/wget2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.2.0+ds-3

Affected versions

2.*
2.2.0+ds-1
2.2.0+ds-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source
"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-69195.json"