
Critical GNU Wget2 Vulnerability Lets Attackers Overwrite System Files

Serious GNU Wget2 flaw (CVE-2025-69194) lets attackers overwrite files remotely. Avoid untrusted Metalinks. Rated 8.8 CVSS.
Content Team

A serious security flaw in GNU Wget2 (CVE-2025-69194) allows remote attackers to overwrite files anywhere on a victim's computer. The vulnerability lies in how Wget2 processes Metalink documents, which describe download locations and checksums.

Attackers can create malicious Metalink files with path traversal sequences that trick Wget2 into writing files to dangerous locations. When users download these weaponized documents, the tool fails to properly validate file paths, potentially allowing attackers to overwrite system files, modify security settings, or create backdoor accounts.

Red Hat rates this as "Important" severity with a CVSS score of 8.8. Currently, no complete fix exists, so users should avoid processing Metalink files from untrusted sources.

Source: Cybersecurity News
