- Description
- YoutubeDLSharp is a wrapper for the command-line video downloaders youtube-dl and yt-dlp. In versions starting from 1.0.0-beta4 and prior to 1.1.2, an unsafe conversion of arguments allows the injection of malicious commands when starting `yt-dlp` from a command prompt running on Windows with the `UseWindowsEncodingWorkaround` value set to true (the default behavior). If a user is using built-in methods from the YoutubeDL.cs file, the value is true by default and the user cannot disable it from these methods. This issue has been patched in version 1.1.2.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 9.2
- Impact score
- 6
- Exploitability score
- 2.5
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
- Severity
- CRITICAL
- security-advisories@github.com
- CWE-77
🚨 CVE-2025-43858 ⚠️🔴 CRITICAL (9.2) 🏢 Bluegrams - YoutubeDLSharp 🏗️ >= 1.0.0-beta4, < 1.1.2 🔗 https://t.co/gLmGeOYjp9 🔗 https://t.co/0NRUkrGeT1 🔗 https://t.co/68msfctgUe #CyberCron #VulnAlert #InfoSec https://t.co/V4m1wrufom
@cybercronai
25 Apr 2025
CVE-2025-43858 YoutubeDLSharp is a wrapper for the command-line video downloaders youtube-dl and yt-dlp. In versions starting from 1.0.0-beta4 and prior to 1.1.2, an unsafe conversi… https://t.co/ZcUL6xrpDE
@CVEnew
24 Apr 2025
[CVE-2025-43858: CRITICAL] Cyber security alert: YoutubeDLSharp versions 1.0.0-beta4 to 1.1.2 are vulnerable to command injection. Patch available in version 1.1.2. Update now to stay secure. #cve, CVE-2025-43858, #cybersecurity https://t.co/IfTEI7b9vf https://t.co/oLLuNNjQ2g
@CveFindCom
24 Apr 2025