216.73.217.50

CVE-2025-62363

· Published 13/10/2025 22:15 · Modified 13/10/2025 22:15

Labels: CVE-2025-62363 2025-10-13CVE-2025-62363CWE-59[email protected]

Essential information

Published
13/10/2025 22:15
Modified
13/10/2025 22:15
Author
Creator
CVSS
7.8 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

yt-grabber-tui is a terminal user interface application for downloading videos. In versions before 1.0-rc, the application allows users to configure the path to the yt-dlp executable via the path_to_yt_dlp configuration setting. An attacker with write access to the configuration file or the filesystem location of the configured executable can replace the executable with malicious code or create a symlink to an arbitrary executable. When the application invokes yt-dlp, the malicious code is executed with the privileges of the user running yt-grabber-tui. This vulnerability has been patched in version 1.0-rc.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
yt-grabber / yt-grabber-tui cpe:2.3:a:yt-grabber:yt-grabber-tui:<1.0-rc:*:*:*:*:*:*:*
yt-dlp / yt-dlp cpe:2.3:a:yt-dlp:yt-dlp:*:*:*:*:*:*:*:*

References