Description

yt-grabber-tui is a terminal user interface application for downloading videos. In versions before 1.0-rc, the application allows users to configure the path to the yt-dlp executable via the path_to_yt_dlp configuration setting. An attacker with write access to the configuration file or the filesystem location of the configured executable can replace the executable with malicious code or create a symlink to an arbitrary executable. When the application invokes yt-dlp, the malicious code is executed with the privileges of the user running yt-grabber-tui. This vulnerability has been patched in version 1.0-rc.

INFO

Published Date :

2025-10-13T21:37:48.474Z

Last Modified :

2025-10-14T15:16:16.648Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-62363 vulnerability.

Vendors Products
Ytgrabber-tui
  • Ytgrabber-tui
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-62363.

URL Resource
https://github.com/zheny-creator/YtGrabber-TUI/commit/7adfdb68e8bf24559d1e9d8d4668de3d82c45591 cve-icon cve-icon
https://github.com/zheny-creator/YtGrabber-TUI/security/advisories/GHSA-94c4-wh57-8p9c cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact