By rssfeeds-admin The vulnerability, officially tracked as CVE-2025-69194, poses a serious threat to users, allowing remote attackers to overwrite sensitive files on a victim’s computer without their permission.
Security experts have rated this issue as Important, assigning it a CVSS score of 8.8 out of 10.
This high score indicates a significant risk, particularly for users and organizations that rely on Wget2 for automated downloads or content mirroring.
The core of the problem lies in how Wget2 handles Metalink documents. Metalink is a standard that lists multiple ways to download a single file, such as through different mirror servers or peer-to-peer links.
Usually, when Wget2 reads a Metalink file, it is supposed to strictly control where the downloaded files are saved on your hard drive.
However, security researchers found that the application fails to verify the file paths listed in these documents correctly.
This type of flaw is known as a Path Traversal vulnerability.
By creating a malicious Metalink file with “tricked” filenames, often using special characters like ../ (dot-dot-slash), an attacker can escape the intended download folder.
This allows them to direct the software to save files anywhere on the system.
The consequences of this flaw are severe. Because the tool does not stop the files from landing in unauthorized locations, an attacker can manipulate the system in dangerous ways:
- Overwriting Critical Files: Attackers can replace essential system files, user documents, or configuration settings. This could lead to permanent data loss or cause the operating system to crash.
- Executing Malicious Code: By overwriting system scripts or startup files that run automatically, an attacker could trick the system into executing malware. This effectively gives them control over the user’s machine.
- Bypassing Security: Attackers could modify password files or security configurations, locking legitimate users out or creating “backdoors” that allow them to return later undetected.
Summary of the Flaw
- CVE ID: CVE-2025-69194
- Vulnerability Type: Arbitrary File Write (Path Traversal)
- Severity: High (Important)
- CVSS Score: 8.8 / 10
While this attack requires a user to interact with a malicious Metalink file, the potential for damage makes it a critical issue.
Users are strongly advised to update to the latest version of GNU Wget2 immediately. Additionally, avoid processing Metalink files from untrusted or unknown sources until the software is patched.
Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyber Press as a Preferred Source in Google.
The post Critical GNU Wget2 Vulnerability Allows Remote Attackers to Overwrite Sensitive Files appeared first on Cyber Security News.
Discover more from RSS Feeds Cloud
Subscribe to get the latest posts sent to your email.