CVE-2025-62363
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-62363, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-10-13

Last updated on: 2025-10-14

Assigner: GitHub, Inc.

Description

yt-grabber-tui is a terminal user interface application for downloading videos. In versions before 1.0-rc, the application allows users to configure the path to the yt-dlp executable via the path_to_yt_dlp configuration setting. An attacker with write access to the configuration file or the filesystem location of the configured executable can replace the executable with malicious code or create a symlink to an arbitrary executable. When the application invokes yt-dlp, the malicious code is executed with the privileges of the user running yt-grabber-tui. This vulnerability has been patched in version 1.0-rc.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-10-13
Last Modified
2025-10-14
Generated
2026-07-06
AI Q&A
2025-10-14
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
yt-dlp yt-dlp *
zheny-creator yt-grabber-tui *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-59 The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability in yt-grabber-tui versions before 1.0-rc allows an attacker who has write access to the configuration file or the filesystem location of the yt-dlp executable to replace the executable with malicious code or create a symlink to an arbitrary executable. When yt-grabber-tui runs yt-dlp, the malicious code is executed with the privileges of the user running the application.

Impact Analysis

If exploited, this vulnerability can lead to execution of arbitrary malicious code with the same privileges as the user running yt-grabber-tui. This can result in compromise of the user's system, including potential data theft, system manipulation, or further attacks.

Mitigation Strategies

Upgrade yt-grabber-tui to version 1.0-rc or later, as this version contains the patch for the vulnerability. Additionally, ensure that only trusted users have write access to the configuration file and the filesystem location of the yt-dlp executable to prevent replacement or symlink attacks.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-62363. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart