CVE-2025-62363
BaseFortify

Publication date: 2025-10-13

Last updated on: 2025-10-14

Assigner: GitHub, Inc.

Description
yt-grabber-tui is a terminal user interface application for downloading videos. In versions before 1.0-rc, the application allows users to configure the path to the yt-dlp executable via the path_to_yt_dlp configuration setting. An attacker with write access to the configuration file or the filesystem location of the configured executable can replace the executable with malicious code or create a symlink to an arbitrary executable. When the application invokes yt-dlp, the malicious code is executed with the privileges of the user running yt-grabber-tui. This vulnerability has been patched in version 1.0-rc.
Meta Information
Published: 2025-10-13
Last Modified: 2025-10-14
Generated: 2026-06-16
AI Q&A: 2025-10-14
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Vendor         Product         Version / Range
yt-dlp         yt-dlp          *
zheny-creator  yt-grabber-tui  *
CWE ID  Description
CWE-59  The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Executive Summary

This vulnerability in yt-grabber-tui versions before 1.0-rc allows an attacker who has write access to the configuration file or the filesystem location of the yt-dlp executable to replace the executable with malicious code or create a symlink to an arbitrary executable. When yt-grabber-tui runs yt-dlp, the malicious code is executed with the privileges of the user running the application.

Impact Analysis

If exploited, this vulnerability can lead to execution of arbitrary malicious code with the same privileges as the user running yt-grabber-tui. This can result in compromise of the user's system, including potential data theft, system manipulation, or further attacks.

Mitigation Strategies

Upgrade yt-grabber-tui to version 1.0-rc or later, as this version contains the patch for the vulnerability. Additionally, ensure that only trusted users have write access to the configuration file and the filesystem location of the yt-dlp executable to prevent replacement or symlink attacks.
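
One way to audit the write-access condition described in the mitigation above on a POSIX system, as an added example that is not code from yt-grabber-tui or from this advisory. The function names, the trusted-UID set and the paths passed on the command line are assumptions; supply the configured path_to_yt_dlp value and the location of your configuration file.

```python
import os
import stat
import sys

# Assumption: only root and the invoking user may own or modify these paths.
TRUSTED_UIDS = {0, os.getuid()}


def _weak_perms(path, info):
    """Flag untrusted ownership or group/world write access on one path."""
    out = []
    if info.st_uid not in TRUSTED_UIDS:
        out.append(f"{path}: owned by untrusted uid {info.st_uid}")
    # In a sticky directory (e.g. /tmp) others cannot rename or delete our entries.
    sticky_dir = stat.S_ISDIR(info.st_mode) and info.st_mode & stat.S_ISVTX
    if info.st_mode & (stat.S_IWGRP | stat.S_IWOTH) and not sticky_dir:
        out.append(f"{path}: group/world writable (mode {stat.S_IMODE(info.st_mode):o})")
    return out


def audit_path(path):
    """Return findings for an executable or config file the application trusts."""
    try:
        is_link = stat.S_ISLNK(os.lstat(path).st_mode)
        real = os.path.realpath(path)
        info = os.stat(real)
    except OSError as exc:
        return [f"{path}: cannot stat ({exc.strerror})"]
    findings = [f"{path}: is a symlink to {real}"] if is_link else []
    if not stat.S_ISREG(info.st_mode):
        findings.append(f"{real}: not a regular file")
    findings += _weak_perms(real, info)
    # A writable ancestor directory allows the file to be swapped out even
    # when the file's own mode is strict, so walk up to the filesystem root.
    parent = os.path.dirname(real)
    while True:
        findings += _weak_perms(parent, os.stat(parent))
        if parent == os.path.dirname(parent):
            return findings
        parent = os.path.dirname(parent)


if __name__ == "__main__":
    # Pass the configured path_to_yt_dlp value and the config file's path.
    for target in sys.argv[1:]:
        for finding in audit_path(target):
            print(finding)
```

The result is a point-in-time check: it reports the state of the path when run and does not prevent a later change, so it complements the upgrade to 1.0-rc rather than replacing it.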
