CVE-2025-62363: CWE-59: Improper Link Resolution Before File Access ('Link Following') in zheny-creator YtGrabber-TUI
yt-grabber-tui is a terminal user interface application for downloading videos. In versions before 1.0-rc, the application allows users to configure the path to the yt-dlp executable via the path_to_yt_dlp configuration setting. An attacker with write access to the configuration file or the filesystem location of the configured executable can replace the executable with malicious code or create a symlink to an arbitrary executable. When the application invokes yt-dlp, the malicious code is executed with the privileges of the user running yt-grabber-tui. This vulnerability has been patched in version 1.0-rc.
AI Analysis
Technical Summary
CVE-2025-62363 is a vulnerability classified under CWE-59 (Improper Link Resolution Before File Access) affecting yt-grabber-tui, a terminal user interface for downloading videos. In versions before 1.0-rc, the application allows users to specify the path to the yt-dlp executable via a configuration setting. The vulnerability arises because the application does not securely handle symbolic links or file replacements for the yt-dlp executable path. An attacker who has write access to the configuration file or the filesystem location of the configured yt-dlp executable can replace the legitimate executable with malicious code or create a symbolic link pointing to an arbitrary executable. When yt-grabber-tui subsequently invokes yt-dlp, the malicious code is executed with the same privileges as the user running the application. This can lead to arbitrary code execution, compromising confidentiality, integrity, and availability of the affected system. Exploitation requires local privileges (write access) but no user interaction. The vulnerability has been assigned a CVSS v3.1 score of 7.8 (high severity), reflecting its significant impact and moderate exploit complexity. The issue was addressed in version 1.0-rc by fixing the improper link resolution and ensuring secure handling of the executable path. No known exploits are reported in the wild as of the publication date.
Potential Impact
For European organizations, this vulnerability poses a significant risk especially in environments where yt-grabber-tui is used and where multiple users have write access to configuration files or executable directories. Successful exploitation can lead to arbitrary code execution with the privileges of the user running yt-grabber-tui, potentially allowing attackers to escalate privileges, install persistent malware, exfiltrate sensitive data, or disrupt operations. This is particularly critical in shared or multi-user systems, development environments, or automated workflows that rely on yt-grabber-tui. The compromise of user accounts can cascade into broader network compromise if lateral movement is possible. Confidentiality is at risk due to potential data theft, integrity is compromised by unauthorized code execution, and availability can be affected by destructive payloads or system instability. European organizations with strict data protection regulations (e.g., GDPR) must consider the legal and reputational consequences of breaches stemming from this vulnerability.
Mitigation Recommendations
1. Upgrade yt-grabber-tui to version 1.0-rc or later, where the vulnerability is patched. 2. Restrict write permissions on the yt-grabber-tui configuration file and the directory containing the yt-dlp executable to trusted users only, minimizing the risk of unauthorized modifications. 3. Implement filesystem integrity monitoring to detect unexpected changes to configuration files and executables. 4. Use application whitelisting or code signing to prevent execution of unauthorized binaries in the yt-dlp path. 5. Employ least privilege principles by running yt-grabber-tui under a dedicated, non-privileged user account to limit the impact of potential exploitation. 6. Regularly audit user permissions and filesystem access controls in environments where yt-grabber-tui is deployed. 7. Monitor logs for unusual execution patterns or errors related to yt-grabber-tui and yt-dlp invocations. 8. Educate users about the risks of modifying configuration files and the importance of maintaining secure environments.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
CVE-2025-62363: CWE-59: Improper Link Resolution Before File Access ('Link Following') in zheny-creator YtGrabber-TUI
Description
yt-grabber-tui is a terminal user interface application for downloading videos. In versions before 1.0-rc, the application allows users to configure the path to the yt-dlp executable via the path_to_yt_dlp configuration setting. An attacker with write access to the configuration file or the filesystem location of the configured executable can replace the executable with malicious code or create a symlink to an arbitrary executable. When the application invokes yt-dlp, the malicious code is executed with the privileges of the user running yt-grabber-tui. This vulnerability has been patched in version 1.0-rc.
AI-Powered Analysis
Technical Analysis
CVE-2025-62363 is a vulnerability classified under CWE-59 (Improper Link Resolution Before File Access) affecting yt-grabber-tui, a terminal user interface for downloading videos. In versions before 1.0-rc, the application allows users to specify the path to the yt-dlp executable via a configuration setting. The vulnerability arises because the application does not securely handle symbolic links or file replacements for the yt-dlp executable path. An attacker who has write access to the configuration file or the filesystem location of the configured yt-dlp executable can replace the legitimate executable with malicious code or create a symbolic link pointing to an arbitrary executable. When yt-grabber-tui subsequently invokes yt-dlp, the malicious code is executed with the same privileges as the user running the application. This can lead to arbitrary code execution, compromising confidentiality, integrity, and availability of the affected system. Exploitation requires local privileges (write access) but no user interaction. The vulnerability has been assigned a CVSS v3.1 score of 7.8 (high severity), reflecting its significant impact and moderate exploit complexity. The issue was addressed in version 1.0-rc by fixing the improper link resolution and ensuring secure handling of the executable path. No known exploits are reported in the wild as of the publication date.
Potential Impact
For European organizations, this vulnerability poses a significant risk especially in environments where yt-grabber-tui is used and where multiple users have write access to configuration files or executable directories. Successful exploitation can lead to arbitrary code execution with the privileges of the user running yt-grabber-tui, potentially allowing attackers to escalate privileges, install persistent malware, exfiltrate sensitive data, or disrupt operations. This is particularly critical in shared or multi-user systems, development environments, or automated workflows that rely on yt-grabber-tui. The compromise of user accounts can cascade into broader network compromise if lateral movement is possible. Confidentiality is at risk due to potential data theft, integrity is compromised by unauthorized code execution, and availability can be affected by destructive payloads or system instability. European organizations with strict data protection regulations (e.g., GDPR) must consider the legal and reputational consequences of breaches stemming from this vulnerability.
Mitigation Recommendations
1. Upgrade yt-grabber-tui to version 1.0-rc or later, where the vulnerability is patched. 2. Restrict write permissions on the yt-grabber-tui configuration file and the directory containing the yt-dlp executable to trusted users only, minimizing the risk of unauthorized modifications. 3. Implement filesystem integrity monitoring to detect unexpected changes to configuration files and executables. 4. Use application whitelisting or code signing to prevent execution of unauthorized binaries in the yt-dlp path. 5. Employ least privilege principles by running yt-grabber-tui under a dedicated, non-privileged user account to limit the impact of potential exploitation. 6. Regularly audit user permissions and filesystem access controls in environments where yt-grabber-tui is deployed. 7. Monitor logs for unusual execution patterns or errors related to yt-grabber-tui and yt-dlp invocations. 8. Educate users about the risks of modifying configuration files and the importance of maintaining secure environments.
Affected Countries
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2025-10-10T14:22:48.202Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 68ed73a7efcc33289f4e04fb
Added to database: 10/13/2025, 9:48:23 PM
Last enriched: 10/21/2025, 12:39:46 AM
Last updated: 1/17/2026, 11:13:22 AM
Views: 141
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2025-15530: Reachable Assertion in Open5GS
MediumCVE-2026-0725: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in cyberlord92 Integrate Dynamics 365 CRM
MediumCVE-2025-8615: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in cubewp1211 CubeWP Framework
MediumCVE-2025-14078: CWE-862 Missing Authorization in shoheitanaka PAYGENT for WooCommerce
MediumCVE-2025-10484: CWE-288 Authentication Bypass Using an Alternate Path or Channel in FmeAddons Registration & Login with Mobile Phone Number for WooCommerce
CriticalActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.