PT-2025-42651 · Unknown · Yt-Grabber-Tui

Published 2025-10-17 · Updated 2025-10-17 · CVE-2025-62511

CVSS v3.1: 6.3 Medium

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

yt-grabber-tui version 1.0

Description

yt-grabber-tui is a C++ terminal user interface application for downloading YouTube content. A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the creation of the default configuration file config.json. Specifically, the load json settings function in Settings.hpp checks for the existence of config.json and, if missing, calls create json settings to write a new JSON configuration file. A local attacker with write access to the application’s configuration directory can create a symbolic link to overwrite an attacker-chosen file accessible to the running process. This enables arbitrary file overwrite, potentially leading to data corruption or loss. If the application is run with elevated privileges, system file corruption is possible.

Recommendations

Update to version 1.0.1 or later.
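
The check-then-create pattern from the description, next to an atomic replacement, as an added example that is not taken from yt-grabber-tui or its 1.0.1 fix. The function names and the JSON body passed in are hypothetical, and the code assumes a POSIX system.

```cpp
// Added example, not yt-grabber-tui source. Function names are hypothetical.
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
#include <cerrno>
#include <fstream>
#include <string>

// Check-then-create: the existence test and the open are two separate
// steps, and std::ofstream follows a symlink found at the path. Anything
// planted at cfg between the two steps is written through.
bool create_default_racy(const std::string& cfg, const std::string& json) {
    if (::access(cfg.c_str(), F_OK) == 0) return false;  // time of check
    std::ofstream out(cfg, std::ios::trunc);              // time of use
    out << json;
    return out.good();
}

// Atomic form: a single open() both checks and creates. O_CREAT|O_EXCL
// fails with EEXIST if the name exists at all, including as a symlink
// (dangling or not), so the default config is never written through a link.
// Mode 0600 keeps the new file private to the invoking user.
bool create_default_atomic(const std::string& cfg, const std::string& json) {
    int fd = ::open(cfg.c_str(),
                    O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0) return false;  // already present or not creatable: leave it alone
    const char* p = json.data();
    size_t left = json.size();
    while (left > 0) {
        ssize_t n = ::write(fd, p, left);
        if (n < 0) {
            if (errno == EINTR) continue;  // interrupted, retry the write
            ::close(fd);
            return false;
        }
        p += n;
        left -= static_cast<size_t>(n);
    }
    return ::close(fd) == 0;
}
```

The atomic open protects only the final path component; a configuration directory writable by other users remains a problem that file-creation flags do not solve.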

Exploit

Fix

Time Of Check To Time Of Use

Weakness Enumeration

Related Identifiers

CVE-2025-62511
GHSA-HWWF-FQ6P-RW9Q

Affected Products

Yt-Grabber-Tui