CVE-2025-62363

Name of the Vulnerable Software and Affected Versions yt-grabber-tui versions prior to 1.0-rc

Description yt-grabber-tui is a terminal user interface application for downloading videos. Versions before 1.0-rc allow configuration of the path to the yt-dlp executable via the path to yt dlp configuration setting. An attacker with write access to the configuration file or the filesystem location of the configured executable can replace the executable with malicious code or create a symbolic link to an arbitrary executable. When the application invokes yt-dlp, the malicious code is executed with the privileges of the user running yt-grabber-tui.

Recommendations Update to version 1.0-rc or later.