
CVE-2025-62363: CWE-59: Improper Link Resolution Before File Access ('Link Following') in zheny-creator YtGrabber-TUI

Severity: High
Type: Vulnerability
Tags: CVE-2025-62363, cve, cve-2025-62363, cwe-59
Published: Mon Oct 13 2025 (10/13/2025, 21:37:48 UTC)
Source: CVE Database V5
Vendor/Project: zheny-creator
Product: YtGrabber-TUI

Description

yt-grabber-tui is a terminal user interface application for downloading videos. In versions before 1.0-rc, the application allows users to configure the path to the yt-dlp executable via the path_to_yt_dlp configuration setting. An attacker with write access to the configuration file or the filesystem location of the configured executable can replace the executable with malicious code or create a symlink to an arbitrary executable. When the application invokes yt-dlp, the malicious code is executed with the privileges of the user running yt-grabber-tui. This vulnerability has been patched in version 1.0-rc.

AI-Powered Analysis

Last updated: 10/13/2025, 22:01:27 UTC

Technical Analysis

CVE-2025-62363 is a vulnerability classified under CWE-59 (Improper Link Resolution Before File Access) affecting yt-grabber-tui, a terminal user interface application for downloading videos. In versions prior to 1.0-rc, the software allows users to specify the path to the yt-dlp executable via a configuration setting named path_to_yt_dlp. This flexibility introduces a security risk if an attacker gains write access to either the configuration file or the filesystem location where the configured executable resides. The attacker can replace the legitimate yt-dlp executable with malicious code or create a symbolic link pointing to an arbitrary executable. When yt-grabber-tui runs yt-dlp, it executes the malicious payload with the same privileges as the user running the application. This can lead to full compromise of the user's environment, including unauthorized access to sensitive data, modification of files, or disruption of service. The CVSS vector specifies a local attack vector (AV:L), low attack complexity (AC:L), and no user interaction (UI:N), with high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). The vulnerability was publicly disclosed on October 13, 2025, and has been patched in version 1.0-rc of yt-grabber-tui. No known exploits are reported in the wild as of the publication date.

Potential Impact

For European organizations, the impact of CVE-2025-62363 can be significant, especially for those using yt-grabber-tui in environments where multiple users have access or where systems are shared. Exploitation can lead to unauthorized code execution with user-level privileges, potentially allowing attackers to escalate privileges, steal sensitive information, or disrupt operations. Since the vulnerability requires write access to configuration files or executable paths, environments with lax file permission controls are at higher risk. Organizations relying on this tool for video downloading or media processing could face data breaches or operational interruptions. Additionally, if attackers leverage this vulnerability as a foothold, it could serve as a pivot point for further lateral movement within networks. The absence of required user interaction facilitates stealthy exploitation. Given the high CVSS score (7.8) and the broad impact on confidentiality, integrity, and availability, European entities should prioritize mitigation to prevent compromise.

Mitigation Recommendations

1. Upgrade yt-grabber-tui to version 1.0-rc or later, where the vulnerability is patched.
2. Restrict write permissions on the configuration file containing the path_to_yt_dlp setting to trusted administrators only.
3. Secure the filesystem locations where the yt-dlp executable resides to prevent unauthorized modifications or creation of symbolic links.
4. Implement file integrity monitoring on critical executables and configuration files to detect unauthorized changes promptly.
5. Employ the principle of least privilege for users running yt-grabber-tui to limit the impact of potential exploitation.
6. Use application whitelisting or endpoint protection solutions to detect and block execution of unauthorized binaries.
7. Conduct regular audits of user permissions and filesystem access controls in environments where yt-grabber-tui is deployed.
8. Educate users about the risks of running untrusted code and the importance of maintaining secure configurations.
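Recommendations 2, 3 and 7 can be checked mechanically. The following audit script is an added example, not code from yt-grabber-tui or its patch; the function names, the finding codes and the default trusted owners (root and the current user) are assumptions, and it targets POSIX filesystems. Pass it the value configured in path_to_yt_dlp.

```python
import os
import stat

def audit_executable(configured_path, trusted_uids=None):
    """Return (code, path) findings for the binary a setting such as path_to_yt_dlp points at."""
    # Assumption: only root and the invoking user may own the binary and its directories.
    trusted = set(trusted_uids) if trusted_uids is not None else {0, os.getuid()}
    findings = []
    path = os.path.abspath(configured_path)

    # A link at the configured location is the CWE-59 case: report it,
    # then keep auditing the file it actually resolves to.
    if os.path.islink(path):
        findings.append(("symlink", path))
    real = os.path.realpath(path)

    try:
        st = os.stat(real)
    except OSError:
        return findings + [("missing", real)]
    if not stat.S_ISREG(st.st_mode):
        findings.append(("not-regular-file", real))
    findings += _ownership_findings(real, st, trusted)

    # Anyone who can write to a directory on the path can swap the binary
    # or plant a link, so walk every ancestor of the resolved file.
    parent = os.path.dirname(real)
    while True:
        findings += _ownership_findings(parent, os.stat(parent), trusted)
        up = os.path.dirname(parent)
        if up == parent:
            break
        parent = up
    return findings

def _ownership_findings(path, st, trusted):
    out = []
    if st.st_uid not in trusted:
        out.append(("untrusted-owner", path))
    writable = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
    # Sticky directories (e.g. /tmp) stop others from replacing entries they do not own.
    sticky_dir = stat.S_ISDIR(st.st_mode) and st.st_mode & stat.S_ISVTX
    if writable and not sticky_dir:
        out.append(("writable-by-others", path))
    return out
```

An empty result means the configured path is a regular file that only trusted accounts can replace; the same ownership and mode checks apply to the configuration file itself.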


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-10-10T14:22:48.202Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 68ed73a7efcc33289f4e04fb

Added to database: 10/13/2025, 9:48:23 PM

Last enriched: 10/13/2025, 10:01:27 PM

Last updated: 10/13/2025, 11:36:32 PM
