Description

YoutubeDLSharp is a wrapper for the command-line video downloaders youtube-dl and yt-dlp. In versions starting from 1.0.0-beta4 and prior to 1.1.2, an unsafe conversion of arguments allows the injection of a malicious commands when starting `yt-dlp` from a commands prompt running on Windows OS with the `UseWindowsEncodingWorkaround` value defined to true (default behavior). If a user is using built-in methods from the YoutubeDL.cs file, the value is true by default and a user cannot disable it from these methods. This issue has been patched in version 1.1.2.

INFO

Published Date :

2025-04-24T18:04:48.447Z

Last Modified :

2025-04-24T19:04:13.866Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-43858 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-43858.

URL Resource
https://github.com/Bluegrams/YoutubeDLSharp/commit/b6051372bd5af30f95f73de47d9bc71c3a07de0f cve-icon cve-icon
https://github.com/Bluegrams/YoutubeDLSharp/commit/fdf3256da18d0e2da4a2f33ad4a1b72ff8273a50 cve-icon cve-icon
https://github.com/Bluegrams/YoutubeDLSharp/security/advisories/GHSA-2jh5-g5ch-43q5 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact