Lucene search
K

4 matches found

NVD
NVD
added 2025/07/22 10:15 p.m.6 views

CVE-2025-54072

yt-dlp is a feature-rich command-line audio/video downloader. In versions 2025.06.25 and below, when the --exec option is used on Windows with the default placeholder or , insufficient sanitization is applied to the expanded filepath, allowing for remote code execution. This is a bypass of the...

8.1CVSS0.00562EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/07/22 9:34 p.m.6 views

CVE-2025-54072 yt-dlp allows `--exec` command injection when using placeholder on Windows

yt-dlp is a feature-rich command-line audio/video downloader. In versions 2025.06.25 and below, when the --exec option is used on Windows with the default placeholder or , insufficient sanitization is applied to the expanded filepath, allowing for remote code execution. This is a bypass of the...

7.5CVSS8.3AI score0.00562EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/07/22 9:34 p.m.10 views

CVE-2025-54072 yt-dlp allows `--exec` command injection when using placeholder on Windows

yt-dlp is a feature-rich command-line audio/video downloader. In versions 2025.06.25 and below, when the --exec option is used on Windows with the default placeholder or , insufficient sanitization is applied to the expanded filepath, allowing for remote code execution. This is a bypass of the...

7.5CVSS0.00562EPSS
Exploits0References3
OSV
OSV
added 2025/07/22 9:34 p.m.4 views

CVE-2025-54072 yt-dlp allows `--exec` command injection when using placeholder on Windows

yt-dlp is a feature-rich command-line audio/video downloader. In versions 2025.06.25 and below, when the --exec option is used on Windows with the default placeholder or , insufficient sanitization is applied to the expanded filepath, allowing for remote code execution. This is a bypass of the...

7.5CVSS8.5AI score0.00562EPSS
Exploits0References5
Rows per page
Query Builder