=====================================================================

                            CERT-Renater

                Information Note No. 2026/VULN003
_____________________________________________________________________

DATE                : 07/01/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running GNU Wget2 versions prior
                     to 2.2.1.

=====================================================================
https://gitlab.com/gnuwget/wget2/-/blob/master/NEWS?ref_type=heads
https://access.redhat.com/security/cve/cve-2025-69194
_____________________________________________________________________


30.12.2025 Release v2.2.1
  * Fix file overwrite issue with metalink
  * Fix remote buffer overflow in get_local_filename_real()
  * Fix a redirect/mirror regression from 400713ca
  * Use the local system timestamp when requested via --no-use-server-timestamps
  * Prevent file truncation with --no-clobber
  * Improve messages about why URLs are not being followed
  * Fix metalink with -O/--output-document
  * Fix sorting of metalink mirrors by priority
  * Add --show-progress to improve backwards compatibility to wget
  * Fix buffer overflow in wget_iri_clone() after wget_iri_set_scheme()
  * Allow 'no_' prefix in config options
  * Use libnghttp2 for HTTP/2 testing
  * Fix WolfSSL build issue if SSLv2 isn't built into the library
  * Set exit status to 8 on 403 response code
  * Fix convert-links
  * Fix --server-response for HTTP/1.1
  * Fix anchor links in README.md for Gitlab
  * Fix html examples in the documentation
  * Improvements on code, docs and CI/testing

_____________________________________________________________________

CVE-2025-69194

Description

A security issue was discovered in GNU Wget2 when handling Metalink
documents. The application fails to properly validate file paths
provided in Metalink elements. An attacker can abuse this behavior
to write files to unintended locations on the system. This can lead
to data loss or potentially allow further compromise of the user’s
environment.

Statement

This vulnerability is rated Important for Red Hat, as it allows a
remote attacker to overwrite arbitrary files within the permissions
of the user running wget2. While user interaction is required to
process the Metalink file, exploitation can plausibly lead to loss
of data or local code execution. The root cause is insufficient
validation of file paths supplied via Metalink metadata.


Mitigation

Mitigation for this issue is either not available or the currently
available options don't meet the Red Hat Product Security criteria
comprising ease of use and deployment, applicability to widespread
installation base or stability.


Additional information

    Bugzilla 2425773: wget2: Arbitrary File Write via Metalink
      Path Traversal in GNU Wget2
    CWE-22: Improper Limitation of a Pathname to a Restricted
      Directory ('Path Traversal')

External references

    https://www.cve.org/CVERecord?id=CVE-2025-69194

    https://nvd.nist.gov/vuln/detail/CVE-2025-69194

Understanding the Weakness (CWE)


CWE-22

Integrity, Confidentiality, Availability

Technical Impact: Execute Unauthorized Code or Commands

The attacker may be able to create or overwrite critical
files that are used to execute code, such as programs or
libraries.


Integrity

Technical Impact: Modify Files or Directories

The attacker may be able to overwrite or create critical
files, such as programs, libraries, or important data. If
the targeted file is used for a security mechanism, then
the attacker may be able to bypass that mechanism. For
example, appending a new account at the end of a password
file may allow an attacker to bypass authentication.


Confidentiality

Technical Impact: Read Files or Directories

The attacker may be able to read the contents of unexpected
files and expose sensitive data. If the targeted file is
used for a security mechanism, then the attacker may be
able to bypass that mechanism. For example, by reading a
password file, the attacker could conduct brute force
password guessing attacks in order to break into an
account on the system.


Availability

Technical Impact: DoS: Crash, Exit, or Restart

The attacker may be able to overwrite, delete, or corrupt
unexpected critical files such as programs, libraries, or
important data. This may prevent the product from working
at all and in the case of protection mechanisms such as
authentication, it has the potential to lock out product
users.


Acknowledgements

Red Hat would like to thank Arkadi Vainbrand for reporting
this issue.



=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




