CVE-2025-62511
📋 TL;DR
This vulnerability allows local attackers with write access to the application's configuration directory to exploit a TOCTOU race condition during configuration file creation. By creating a symbolic link between the existence check and file write operations, attackers can overwrite arbitrary files accessible to the running process. Users of yt-grabber-tui version 1.0 on Linux or Windows are affected.
💻 Affected Systems
- yt-grabber-tui
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
If the application runs with elevated privileges (e.g., root/admin), attackers could overwrite critical system files, potentially leading to system compromise, data corruption, or denial of service.
Likely Case
Local attackers can overwrite user files in the application's directory or other writable locations, causing data loss, application corruption, or privilege escalation if sensitive files are targeted.
If Mitigated
With proper file permissions restricting write access to configuration directories and running the application with minimal privileges, impact is limited to the user's own files.
🎯 Exploit Status
Exploitation requires local access, write permissions to configuration directory, and precise timing to win the race condition.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 1.0.1
Vendor Advisory: https://github.com/zheny-creator/YtGrabber-TUI/security/advisories/GHSA-hwwf-fq6p-rw9q
Restart Required: No
Instructions:
1. Update yt-grabber-tui to version 1.0.1 or later. 2. On Linux: Use package manager or compile from source. 3. On Windows: Download updated binary from official repository.
🔧 Temporary Workarounds
Secure configuration directory permissions
linuxRestrict write access to the configuration directory to prevent symlink creation by unauthorized users.
chmod 700 ~/.config/yt-grabber-tui
🧯 If You Can't Patch
- Run application with minimal privileges (non-root/non-admin user)
- Ensure configuration directory has restrictive permissions (owner-only write access)
🔍 How to Verify
Check if Vulnerable:
Check if yt-grabber-tui version is 1.0 by running the application with --version flag or checking installed package version.Check Version:
yt-grabber-tui --versionVerify Fix Applied:
Confirm version is 1.0.1 or later and check the commit bf065e833820bb4253a70a4c1dc6b843c6d8bf21 is included in the source.📡 Detection & Monitoring
Log Indicators:
- Failed file writes to unexpected locations
- Permission errors when accessing configuration files
Network Indicators:
- None - this is a local file system vulnerability
SIEM Query:
Process execution of yt-grabber-tui with version 1.0, followed by file modification events in configuration directories