CVE-2025-66203

CVE-2025-66203 affects StreamVault’s SpiritApplication. Prior to version 251126, an RCE exists because administrators can configure yt-dlp arguments via /admin/api/saveConfig without sufficient validation; these arguments are stored globally and later used by YtDlpUtil.java to construct the yt-dl...