CVE-2025-62363
📋 TL;DR
This vulnerability allows attackers with write access to the configuration file or filesystem to replace the yt-dlp executable with malicious code or create a symlink to arbitrary executables. When yt-grabber-tui invokes yt-dlp, the malicious code executes with the privileges of the user running the application. All users running yt-grabber-tui versions before 1.0-rc are affected.
💻 Affected Systems
- yt-grabber-tui
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise through arbitrary code execution with the privileges of the user running yt-grabber-tui, potentially leading to privilege escalation if run as root or administrator.
Likely Case
Local privilege escalation or arbitrary code execution within the user's context, potentially leading to data theft, persistence mechanisms, or lateral movement.
If Mitigated
Limited impact if proper file permissions prevent unauthorized write access to configuration files and executable paths.
🎯 Exploit Status
Exploitation requires write access to configuration files or the filesystem location of the configured executable, making it primarily a local attack vector.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.0-rc
Vendor Advisory: https://github.com/zheny-creator/YtGrabber-TUI/security/advisories/GHSA-94c4-wh57-8p9c
Restart Required: Yes
Instructions:
1. Update yt-grabber-tui to version 1.0-rc or later.
2. Restart the application to apply the fix.
🔧 Temporary Workarounds
Restrict configuration file permissions
Linux: Set strict file permissions on the yt-grabber-tui configuration file to prevent unauthorized writes.
chmod 600 ~/.config/yt-grabber-tui/config.toml
Use absolute paths with restricted permissions
All platforms: Set path_to_yt_dlp to an absolute path to the yt-dlp executable in a directory where only the owner (or root) has write permission.
🧯 If You Can't Patch
- Implement strict file permissions on configuration files and executable directories
- Monitor for unauthorized changes to yt-dlp executable or configuration files
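The two workarounds above (owner-only config permissions, and an absolute yt-dlp path in a write-restricted directory) can be checked with the following script, an added example that is not part of the advisory or of the yt-grabber-tui project. It assumes GNU stat (Linux) and that config.toml stores the setting as a quoted TOML string, path_to_yt_dlp = "/usr/bin/yt-dlp"; the key name comes from the advisory, the quoting and file layout are assumptions.

```shell
#!/bin/sh
# Added example (not yt-grabber-tui's own code): verify that config.toml and the
# executable named by path_to_yt_dlp cannot be altered by other users.
# Assumes GNU stat (Linux) and a TOML line of the form
#   path_to_yt_dlp = "/usr/bin/yt-dlp"
# (key name from the advisory; the quoting/layout is an assumption).

# 0 if PATH exists, is not a symlink, is owned by root or the current user,
# and has no group/other write bit; 1 otherwise.
owner_only_writable() {
    [ -e "$1" ] || return 1
    [ -L "$1" ] && return 1
    uid=$(stat -c '%u' "$1")
    [ "$uid" -eq 0 ] || [ "$uid" -eq "$(id -u)" ] || return 1
    mode=$(stat -c '%a' "$1")
    # second-to-last octal digit = group, last = other; 2,3,6,7 carry the w bit
    case "$mode" in
        *[2367]?|*[2367]) return 1 ;;
    esac
    return 0
}

# Print the configured yt-dlp path (first path_to_yt_dlp line in CONFIG).
configured_yt_dlp_path() {
    sed -n 's/^[[:space:]]*path_to_yt_dlp[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# 0 when the config file, the executable it names and that executable's
# directory are all protected from writes by other users; 1 with a reason on stderr.
check_yt_dlp_config() {
    cfg=$1
    owner_only_writable "$cfg" || { echo "$cfg: symlink, foreign owner or group/other writable" >&2; return 1; }
    exe=$(configured_yt_dlp_path "$cfg")
    [ -n "$exe" ] || { echo "$cfg: no path_to_yt_dlp entry" >&2; return 1; }
    case "$exe" in /*) ;; *) echo "$exe: path_to_yt_dlp is not absolute" >&2; return 1 ;; esac
    owner_only_writable "$exe" || { echo "$exe: symlink, foreign owner or group/other writable" >&2; return 1; }
    owner_only_writable "$(dirname "$exe")" || { echo "$(dirname "$exe"): directory writable by others" >&2; return 1; }
    [ -x "$exe" ] || { echo "$exe: not executable" >&2; return 1; }
    return 0
}

# Usage: sh check-yt-dlp.sh ~/.config/yt-grabber-tui/config.toml
if [ -n "${1:-}" ]; then
    check_yt_dlp_config "$1" && echo "OK: $1 and its yt-dlp path are protected"
fi
```

A non-zero exit with a reason on stderr means one of the two workarounds is not in place; it does not attempt to run the configured executable.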
🔍 How to Verify
Check if Vulnerable:
Check whether the installed yt-grabber-tui version is earlier than 1.0-rc by running the application with the --version flag or by checking your package manager.
Check Version:
yt-grabber-tui --version
Verify Fix Applied:
Confirm that the yt-grabber-tui version is 1.0-rc or later and that changes to path_to_yt_dlp in the configuration no longer cause an arbitrary executable to be run.
📡 Detection & Monitoring
Log Indicators:
- Unexpected process execution from yt-grabber-tui
- Configuration file modification events
- Unauthorized file writes to yt-dlp executable path
Network Indicators:
- Unusual outbound connections from yt-grabber-tui process
SIEM Query:
process_name:yt-grabber-tui AND (process_execution:unexpected OR file_modification:config.toml OR file_modification:yt-dlp)