Sign In

CVE-2025-69194

ADVISORY - nist

Summary

A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially allow further compromise of the user’s environment.

EPSS Score: 0.00027 (0.074)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADVISORY - redhat

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Impacted images

Advisories

NIST

CREATED

UPDATED

ADVISORY IDCVE-2025-69194
EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-22

CVSS SCORE

8.8high

Alpine

CREATED

UPDATED

ADVISORY IDCVE-2025-69194
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

UPDATED

ADVISORY IDCVE-2025-69194
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

UPDATED

ADVISORY IDCVE-2025-69194
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

9.8medium

Red Hat

CREATED

UPDATED

ADVISORY IDCVE-2025-69194
EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-22

CVSS SCORE

8.8high