CNNVD-202507-2833 Information
CNNVD ID
CNNVD-202507-2833
Related CVE
- CNNVD Published: 2025-07-22
Description (Chinese)
yt-dlp是yt-dlp的基于现在不活动的youtube-dlc 的youtube-dl分支。 yt-dlp 2025.06.25及之前版本存在操作系统命令注入漏洞,该漏洞源于–exec选项文件路径清理不足,可能导致远程代码执行。
Description (English)
yt-dlp is the yt-dlp-based Yotoutube-dl branch based on now inactive yotoutube-dlc. Yt-dlp 2025.06.25 and previous versions have an operational system command-injected loophole, which stems from the inadequate clearance of the –exec option file path, which may lead to remote code execution.
Hazard Level
Medium
Vulnerability Type
操作系统命令注入
Affected Vendor
yt-dlp
Published
2025-07-22
Last Modified
2026-02-24
References
https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-45hg-7f49-5h56 https://github.com/yt-dlp/yt-dlp/commit/959ac99e98c3215437e573c22d64be42d361e863 https://github.com/yt-dlp/yt-dlp/releases/tag/2025.07.21 https://nvd.nist.gov/vuln/detail/CVE-2025-54072 https://access.redhat.com/security/cve/cve-2025-54072
Patch
https://github.com/yt-dlp/yt-dlp/releases
Share on: