CVE-2025-53890

Name of the Vulnerable Software and Affected Versions pyload versions prior to 0.5.0b3.dev89

Description pyload is an open-source Download Manager written in pure Python. An unsafe JavaScript evaluation vulnerability in pyLoad’s CAPTCHA processing code allows unauthenticated remote attackers to execute arbitrary code in the client browser and potentially the backend server. Exploitation requires no user interaction or authentication and can result in session hijacking, credential theft, and full system remote code execution.

Recommendations Update to version 0.5.0b3.dev89, which includes commit 909e5c97885237530d1264cfceb5555870eb9546 to resolve the issue.