CVE-2025-62511
BaseFortify
Publication date: 2025-10-17
Last updated on: 2025-10-21
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zheny-creator | yt-grabber-tui | 1.0 |
| zheny-creator | yt-grabber-tui | 1.0.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-367 | The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Time-of-Check to Time-of-Use (TOCTOU) race condition in yt-grabber-tui version 1.0. The application checks if a configuration file (config.json) exists and if not, creates it. However, between the check and the creation, a local attacker with write access to the configuration directory can create a symbolic link named config.json pointing to an arbitrary file. When the application writes the configuration, it follows the symlink and overwrites the target file, allowing arbitrary file overwrite within the application's privileges. This can corrupt files or cause data loss, and if the application runs with elevated privileges, it could lead to system file corruption. [2, 1]
How can this vulnerability impact me?
This vulnerability can lead to arbitrary file overwrite by a local attacker with write access to the configuration directory. Potential impacts include corruption of critical system files, loss of application or user data, privilege escalation (such as modifying /etc/sudoers to gain root access), denial-of-service by corrupting essential files like /etc/passwd, and overwriting SSH keys. The attack requires precise timing but can be automated. The severity is high, especially if the application runs with elevated privileges. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring the configuration directory (~/.config/yt-grabber-tui on Linux or the current working directory on Windows) for the presence of symbolic links named config.json, which could be used to exploit the TOCTOU race condition. On Linux systems, you can use the command 'find ~/.config/yt-grabber-tui -type l -name config.json' to detect such symlinks. Additionally, using 'inotifywait' to watch for creation or modification of symlinks in the configuration directory can help detect attempts to exploit the vulnerability in real time. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading yt-grabber-tui to version 1.0.1 or later, which contains the fix for this vulnerability by implementing atomic file creation and rename operations. If upgrading is not immediately possible, apply workarounds such as setting a strict umask (e.g., 'umask 077') to limit file permissions, avoiding running the application with elevated privileges or as root, restricting write access to the configuration directory (e.g., 'chmod 700 ~/.config/yt-grabber-tui'), and manually monitoring the configuration directory for suspicious symlinks. [2]
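The check-then-create pattern the explanation above describes, beside a hardened create-if-absent that performs the atomic file creation the mitigation answer calls for, as an added Python example (not yt-grabber-tui's own code; the project's language and actual fix are not shown on this page). Using mkstemp plus os.link for the atomic publish, and the victim.txt target in demo(), are this example's own constructions:

```python
import json
import os
import tempfile

CONFIG_NAME = "config.json"  # file name from the advisory

def find_config_symlink(config_dir):
    """Advisory's detection check (find -type l -name config.json) as a call."""
    path = os.path.join(config_dir, CONFIG_NAME)
    return os.readlink(path) if os.path.islink(path) else None

def write_config_unsafe(config_dir, data):
    """The check-then-use pattern (CWE-367): exists() and open() both follow
    symlinks, so a link planted between the two calls redirects the write."""
    path = os.path.join(config_dir, CONFIG_NAME)
    if not os.path.exists(path):      # check
        with open(path, "w") as f:    # use: follows a planted symlink
            json.dump(data, f)
        return True
    return False

def write_config_safe(config_dir, data):
    """Hardened form: write a private temp file (mkstemp: O_EXCL, mode 0600),
    then publish it as config.json with os.link(), which fails with EEXIST if
    anything occupies that name, symlink included, and never follows one."""
    path = os.path.join(config_dir, CONFIG_NAME)
    fd, tmp = tempfile.mkstemp(prefix=".config-", suffix=".tmp", dir=config_dir)
    try:
        with os.fdopen(fd, "w") as f:
            json.dump(data, f)
        try:
            os.link(tmp, path)        # atomic create-if-absent; no prior check to race
        except FileExistsError:
            return False              # real file or planted link: left untouched
        return True
    finally:
        os.unlink(tmp)

def demo():
    # Constructed scenario: a dangling link config.json -> victim.txt already planted.
    d = tempfile.mkdtemp()
    victim = os.path.join(d, "victim.txt")
    os.symlink(victim, os.path.join(d, CONFIG_NAME))
    detected = find_config_symlink(d) == victim
    safe_wrote = write_config_safe(d, {"x": 1})      # False: link refused
    victim_after_safe = os.path.exists(victim)       # False: nothing written through it
    unsafe_wrote = write_config_unsafe(d, {"x": 1})  # True: exists() saw "missing"
    victim_after_unsafe = os.path.exists(victim)     # True: open() followed the link
    return detected, safe_wrote, victim_after_safe, unsafe_wrote, victim_after_unsafe
```

The dangling link makes the race outcome reproducible without timing: exists() reports the file missing, yet open() still writes through the link, which is exactly the window the advisory describes.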