CVE-2025-69195

High

Published: 09 January 2026

Published

09 January 2026

Modified

05 March 2026

KEV Added

—

Patch

—

CVSS Score 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

EPSS Score 0.0016 36.5th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-69195 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Gnu Wget2. Its CVSS base score is 7.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 36.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

SI-2 mandates identification, reporting, and timely patching of system flaws like this stack-based buffer overflow in GNU Wget2, directly preventing exploitation.

SI-16 Memory Protection good match

prevent

SI-16 enforces memory protections such as stack guards, DEP, and ASLR that comprehensively mitigate stack buffer overflow attempts causing memory corruption.

RA-5 Vulnerability Monitoring and Scanning partial match

detect

RA-5 requires vulnerability scanning to detect the presence of CVE-2025-69195 in GNU Wget2 deployments, facilitating proactive flaw remediation.

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution

Adversaries may exploit software vulnerabilities in client applications to execute code.

attack.mitre.org →

Why these techniques?

Stack-based buffer overflow in client tool GNU Wget2, exploitable via malicious URL with user interaction, directly enables exploitation for client execution (T1203).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. A remote attacker can exploit this by providing a…

specially crafted URL, which, upon user interaction with wget2, can lead to memory corruption. This can cause the application to crash and potentially allow for further malicious activities.

Deeper analysisAI

CVE-2025-69195 is a stack-based buffer overflow vulnerability (CWE-121) in GNU Wget2, occurring in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. Published on 2026-01-09, it allows memory corruption upon user interaction with wget2 processing a malicious URL.

A remote attacker with no privileges can exploit this vulnerability over the network with low complexity by providing a specially crafted URL. Exploitation requires user interaction, such as executing wget2 on the URL, which triggers the buffer overflow leading to memory corruption. This can cause the application to crash (high availability impact) and potentially enable limited confidentiality and integrity impacts, as reflected in the CVSS v3.1 base score of 7.6 (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H).

Red Hat advisories provide further details on this issue, including potential patches and mitigation guidance, at https://access.redhat.com/security/cve/CVE-2025-69195 and the Bugzilla tracker entry https://bugzilla.redhat.com/show_bug.cgi?id=2425770.