
CVE-2025-62511: CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition in zheny-creator YtGrabber-TUI

Severity: Medium
Type: Vulnerability
Tags: CVE-2025-62511, cve, cve-2025-62511, cwe-367
Published: Fri Oct 17 2025 (10/17/2025, 19:55:34 UTC)
Source: CVE Database V5
Vendor/Project: zheny-creator
Product: YtGrabber-TUI

Description

yt-grabber-tui is a C++ terminal user interface application for downloading YouTube content. yt-grabber-tui version 1.0 contains a Time-of-Check to Time-of-Use (TOCTOU) race condition (CWE-367) in the creation of the default configuration file config.json. In version 1.0, load_json_settings in Settings.hpp checks for the existence of config.json using boost::filesystem::exists and, if the file is missing, calls create_json_settings which writes the JSON configuration with boost::property_tree::write_json. A local attacker with write access to the application’s configuration directory (~/.config/yt-grabber-tui on Linux or the current working directory on Windows) can create a symbolic link between the existence check and the subsequent write so that the write operation follows the symlink and overwrites an attacker-chosen file accessible to the running process. This enables arbitrary file overwrite within the privileges of the application process, which can corrupt files and cause loss of application or user data. If the application is executed with elevated privileges, this could extend to system file corruption. The issue is fixed in version 1.0.1.

AI-Powered Analysis

Last updated: 10/17/2025, 20:16:57 UTC

Technical Analysis

CVE-2025-62511 identifies a Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability in yt-grabber-tui version 1.0, a C++ terminal user interface application designed for downloading YouTube content. The vulnerability is located in the process of creating the default configuration file config.json. Specifically, the function load_json_settings in Settings.hpp first checks for the existence of config.json using boost::filesystem::exists. If the file does not exist, it calls create_json_settings, which writes the JSON configuration file using boost::property_tree::write_json. The race condition arises because between the existence check and the write operation, a local attacker with write access to the configuration directory (~/.config/yt-grabber-tui on Linux or the current working directory on Windows) can create a symbolic link pointing to an arbitrary file. Consequently, when the application writes the configuration, it follows the symlink and overwrites the target file. This arbitrary file overwrite can corrupt application or user data and, if the application runs with elevated privileges, may lead to system file corruption or compromise. Exploitation requires local access with write permissions but no user interaction. The vulnerability has a CVSS 3.1 score of 6.3, reflecting medium severity, with attack vector local, attack complexity high, privileges required low, no user interaction, unchanged scope, no confidentiality impact, but high integrity and availability impacts. The issue is resolved in yt-grabber-tui version 1.0.1.
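One way to close the check-then-write window described above, given as an added example and not as YtGrabber-TUI's code or its 1.0.1 fix: the existence check and the creation become a single atomic `open` call. The names `create_default_config` and `CreateResult` are hypothetical, and the code assumes a POSIX system.

```cpp
// Added example, not project code. Names are hypothetical; POSIX only.
#include <cerrno>
#include <string>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

enum class CreateResult { Created, AlreadyPresent, Failed };

// O_CREAT|O_EXCL makes "does it exist?" and "create it" one kernel operation,
// so there is no gap between check and use. With O_EXCL a symbolic link at the
// final path component is not followed: a pre-planted link (even a dangling
// one) produces EEXIST instead of redirecting the write.
CreateResult create_default_config(const std::string& path,
                                   const std::string& json) {
    int fd = open(path.c_str(),
                  O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return errno == EEXIST ? CreateResult::AlreadyPresent
                               : CreateResult::Failed;

    // Write through the descriptor that was just created; the file is never
    // reopened by name, so a later swap of the path cannot redirect the data.
    const char* p = json.data();
    size_t left = json.size();
    while (left > 0) {
        ssize_t n = write(fd, p, left);
        if (n < 0) {
            if (errno == EINTR) continue;  // interrupted, retry
            close(fd);
            return CreateResult::Failed;
        }
        p += n;
        left -= static_cast<size_t>(n);
    }
    return close(fd) == 0 ? CreateResult::Created : CreateResult::Failed;
}
```

A caller that receives `AlreadyPresent` should still confirm the path is a regular file before loading it, since the existing entry may be a link.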

Potential Impact

For European organizations, this vulnerability poses a risk primarily to users running yt-grabber-tui locally, especially developers or system administrators who may execute the application with elevated privileges. Successful exploitation can lead to arbitrary file overwrites, resulting in corruption or loss of critical configuration files, application data, or even system files if elevated privileges are involved. This can disrupt workflows, cause data loss, and potentially allow further privilege escalation or system compromise. Organizations relying on this tool for content downloading or automation may experience operational disruptions. The impact is more pronounced in environments where multiple users share systems or where directory permissions are not strictly controlled. Since the vulnerability requires local write access, the threat is mainly from insider threats or attackers who have already gained limited access to the system. The lack of known exploits in the wild reduces immediate risk but does not eliminate the need for prompt remediation.

Mitigation Recommendations

1. Upgrade yt-grabber-tui to version 1.0.1 or later, where the TOCTOU race condition is fixed.
2. Restrict write permissions on the configuration directories (~/.config/yt-grabber-tui on Linux and the application working directory on Windows) to trusted users only, preventing unauthorized creation of symbolic links or files.
3. Run yt-grabber-tui with the least privileges necessary; avoid executing it with elevated or administrative rights.
4. Implement file system monitoring to detect unexpected symbolic link creations or modifications in configuration directories.
5. Educate users about the risks of running applications with elevated privileges and the importance of securing local directories.
6. Consider using filesystem features or security modules (e.g., SELinux, AppArmor) to enforce stricter controls on configuration file access and modifications.
7. Regularly audit local user permissions and system configurations to minimize the risk of local privilege abuse.
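A point-in-time check for recommendations 2 and 4, as an added example that is not part of the original advisory or the project: it reports whether a configuration directory is writable by anyone other than its owner and which entries in it are symbolic links. `DirAudit` and `audit_config_dir` are hypothetical names, and the code assumes a POSIX system.

```cpp
// Added example, not project code. Names are hypothetical; POSIX only.
#include <string>
#include <vector>
#include <dirent.h>
#include <sys/stat.h>
#include <unistd.h>

struct DirAudit {
    bool ok = false;                // directory was fully inspected
    bool is_real_dir = false;       // a directory, not a link to one
    bool owned_by_user = false;     // owner matches the effective uid
    bool others_can_write = false;  // group- or world-writable
    std::vector<std::string> symlinks;  // entries that are symbolic links
};

DirAudit audit_config_dir(const std::string& dir) {
    DirAudit r;
    struct stat st;
    // lstat does not follow links, so a link planted in place of the
    // directory itself is reported rather than silently traversed.
    if (lstat(dir.c_str(), &st) != 0) return r;
    r.is_real_dir = S_ISDIR(st.st_mode);
    if (!r.is_real_dir) return r;
    r.owned_by_user = (st.st_uid == geteuid());
    r.others_can_write = (st.st_mode & (S_IWGRP | S_IWOTH)) != 0;

    DIR* d = opendir(dir.c_str());
    if (!d) return r;
    while (dirent* e = readdir(d)) {
        std::string name = e->d_name;
        if (name == "." || name == "..") continue;
        struct stat est;
        if (lstat((dir + "/" + name).c_str(), &est) == 0 &&
            S_ISLNK(est.st_mode))
            r.symlinks.push_back(name);  // e.g. config.json as a link
    }
    closedir(d);
    r.ok = true;
    return r;
}
```

A result with `others_can_write` set or a non-empty `symlinks` list for ~/.config/yt-grabber-tui is worth investigating before the application is next run.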


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-10-15T15:03:28.133Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 68f2a0a79c34d0947f3fb6c3

Added to database: 10/17/2025, 8:01:43 PM

Last enriched: 10/17/2025, 8:16:57 PM

Last updated: 10/18/2025, 8:27:55 PM
