CVE-2025-69195

Severity: High
Published: 09 January 2026
Modified: 05 March 2026
CVSS Score v3.1: 7.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H)
EPSS Score: 0.0029 (20.6th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2025-69195 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in GNU Wget2. Its CVSS base score is 7.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE is ranked at the 20.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-69195 is a stack-based buffer overflow vulnerability (CWE-121) in GNU Wget2. It occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. Published on 2026-01-09, it allows memory corruption when a user has wget2 process a malicious URL.

A remote attacker with no privileges can exploit this vulnerability over the network with low complexity by providing a specially crafted URL. Exploitation requires user interaction, such as executing wget2 on the URL, which triggers the buffer overflow leading to memory corruption. This can cause the application to crash (high availability impact) and potentially enable limited confidentiality and integrity impacts, as reflected in the CVSS v3.1 base score of 7.6 (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H).

Red Hat advisories provide further details on this issue, including potential patches and mitigation guidance, at https://access.redhat.com/security/cve/CVE-2025-69195 and the Bugzilla tracker entry https://bugzilla.redhat.com/show_bug.cgi?id=2425770.

Vulnerability details

A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. A remote attacker can exploit this by providing a specially crafted URL, which, upon user interaction with wget2, can lead to memory corruption. This can cause the application to crash and potentially allow for further malicious activities.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1203 Exploitation for Client Execution (Tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Stack-based buffer overflow in client tool GNU Wget2, exploitable via malicious URL with user interaction, directly enables exploitation for client execution (T1203).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-69194 (same product: GNU Wget2)
CVE-2025-0840 (same vendor: GNU)
CVE-2025-54480 (shared CWE-121)
CVE-2026-43661 (shared CWE-121)
CVE-2019-25321 (shared CWE-121)
CVE-2026-33554 (shared CWE-121)
CVE-2024-34579 (shared CWE-121)
CVE-2020-37142 (shared CWE-121)
CVE-2026-1761 (shared CWE-121)
CVE-2020-37181 (shared CWE-121)

Affected Assets

Vendor: gnu
Product: wget2
Versions: 2.1.0 — 2.2.1

Mitigating Controls (NIST 800-53 r5)

Prevent: SI-2 mandates identification, reporting, and timely patching of system flaws like this stack-based buffer overflow in GNU Wget2, directly preventing exploitation.

Prevent: SI-16 enforces memory protections such as stack guards, DEP, and ASLR, which mitigate the memory corruption caused by stack buffer overflow attempts.

Detect: RA-5 requires vulnerability scanning to detect the presence of CVE-2025-69195 in GNU Wget2 deployments, facilitating proactive flaw remediation.
