CVE-2025-54072 Overview
CVE-2025-54072 is a command injection vulnerability in yt-dlp, the popular feature-rich command-line audio/video downloader. In versions 2025.06.25 and below, when the --exec option is used on Windows with the default placeholder (or {}), insufficient sanitization is applied to the expanded filepath, allowing for remote code execution. This vulnerability represents a bypass of the previous mitigation implemented for CVE-2024-22423, where the default placeholder and {} were not covered by the new escaping rules.
Critical Impact
This command injection vulnerability allows remote attackers to execute arbitrary code on Windows systems running vulnerable versions of yt-dlp when the --exec option is used, potentially leading to complete system compromise.
Affected Products
- yt-dlp versions 2025.06.25 and below
- Windows installations using the --exec option with default placeholders
- yt-dlp configurations using {} placeholder in exec commands
Discovery Timeline
- 2025-07-21 - yt-dlp releases security patch in version 2025.07.21
- 2025-07-22 - CVE-2025-54072 published to NVD
- 2025-10-09 - Last updated in NVD database
Technical Details for CVE-2025-54072
Vulnerability Analysis
This vulnerability is classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command, commonly known as OS Command Injection). The flaw exists in how yt-dlp handles filename placeholders when executing post-processing commands on Windows systems.
When a user downloads media using yt-dlp with the --exec option, the tool substitutes placeholders like {} with the actual filepath of the downloaded file. The vulnerability arises because an attacker can craft a malicious video URL or metadata that results in a filename containing special shell characters. When this filename is expanded into the exec command without proper sanitization, it allows arbitrary command execution.
The attack requires the target user to download malicious content while using the --exec flag, making it a network-based attack vector. While the attack complexity is considered high due to requiring specific user configurations, successful exploitation leads to high impact on confidentiality, integrity, and availability of the affected system.
Root Cause
The root cause of CVE-2025-54072 lies in the incomplete fix for the previous vulnerability CVE-2024-22423. While the earlier patch implemented escaping rules for certain placeholder types, the default placeholder and the explicit {} placeholder were inadvertently excluded from these sanitization routines. This oversight allowed attackers to bypass the security controls by targeting the default placeholder behavior on Windows systems, where command-line argument parsing handles special characters differently than Unix-like systems.
Attack Vector
The attack leverages the network-accessible nature of media content that yt-dlp downloads. An attacker can host malicious media files with specially crafted metadata that results in filenames containing shell metacharacters. When a victim uses yt-dlp with the --exec option to download and process this content, the unsanitized filename is expanded into the command line, resulting in command injection.
The attack scenario involves:
- An attacker creates or hosts media content with malicious metadata designed to produce a harmful filename
- The victim downloads this content using yt-dlp with --exec and the default placeholder
- The expanded filepath containing shell metacharacters is passed to the system shell without proper escaping
- Arbitrary commands embedded in the filename are executed with the privileges of the yt-dlp process
Technical details about the exploitation mechanism can be found in the GitHub Security Advisory.
Detection Methods for CVE-2025-54072
Indicators of Compromise
- Unusual process spawning from yt-dlp parent processes on Windows systems
- Unexpected network connections or file system modifications following yt-dlp downloads
- Command-line arguments containing suspicious patterns or encoded shell commands in yt-dlp invocations
- Downloaded media files with unusual or suspicious filenames containing shell metacharacters
Detection Strategies
- Monitor for yt-dlp processes using the --exec flag followed by unexpected child process creation
- Implement file integrity monitoring on systems where yt-dlp is routinely used
- Deploy endpoint detection rules to identify command injection patterns in process command lines
- Review yt-dlp configuration files and scripts for usage of vulnerable placeholder patterns
Monitoring Recommendations
- Enable verbose logging for yt-dlp operations to track downloaded content metadata
- Configure security tools to alert on suspicious process hierarchies originating from media download tools
- Establish baseline behavior for yt-dlp usage patterns to identify anomalies
- Monitor for execution of shells or interpreters (cmd.exe, powershell.exe) as child processes of yt-dlp
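The detection and monitoring items above can be turned into a small piece of logic over process-creation telemetry. The following is an added example, not code from the page or from the yt-dlp project: it builds a parent/child tree from events shaped like Sysmon Event ID 1 fields (pid, ppid, image, command line), finds yt-dlp processes invoked with --exec, and flags interpreters that appear beneath them. Because the advisory states that the expanded command is passed to the system shell, a single cmd.exe directly under yt-dlp is treated as the normal --exec mechanism and only interpreters below that level are reported. The events, paths and tool names are constructed for illustration.

```python
"""Flag shells or interpreters spawned beneath a yt-dlp --exec process.

Added example (not yt-dlp project code). Events are constructed by hand
to exercise the logic; they are not captured telemetry.
"""
from collections import defaultdict

# Constructed sample events, shaped like Sysmon Event ID 1 (ProcessCreate).
SAMPLE_EVENTS = [
    {"pid": 4000, "ppid": 1200, "image": r"C:\Tools\yt-dlp.exe",
     "cmdline": r'yt-dlp.exe --exec "C:\Tools\tag.exe {}" https://media.example/clip'},
    # Expected: the --exec template runs through the system shell.
    {"pid": 4001, "ppid": 4000, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /c C:\Tools\tag.exe C:\Users\u\Downloads\clip.mp4'},
    {"pid": 4002, "ppid": 4001, "image": r"C:\Tools\tag.exe",
     "cmdline": r'C:\Tools\tag.exe C:\Users\u\Downloads\clip.mp4'},
    # Anomalous: an interpreter appears below the shell level.
    {"pid": 4003, "ppid": 4001,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -NoProfile -Command Get-Date"},
    # Unrelated shell, not under yt-dlp at all.
    {"pid": 5000, "ppid": 1200, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c dir"},
]

# Image basenames worth reporting when they show up under yt-dlp --exec.
INTERPRETERS = {"cmd.exe", "powershell.exe", "pwsh.exe",
                "wscript.exe", "cscript.exe", "mshta.exe"}
# Characters cmd.exe treats as operators when they are not quoted.
CMD_METACHARS = set('&|<>^"')


def basename(image):
    """Lower-cased file name of an image path (handles \\ and /)."""
    return image.replace("\\", "/").rsplit("/", 1)[-1].lower()


def build_tree(events):
    """Map each ppid to the list of events it spawned."""
    children = defaultdict(list)
    for ev in events:
        children[ev["ppid"]].append(ev)
    return children


def descendants(children, pid, depth=1):
    """Yield (event, depth) for every process below pid, depth-first."""
    for ev in children.get(pid, []):
        yield ev, depth
        yield from descendants(children, ev["pid"], depth + 1)


def find_exec_alerts(events):
    """Return (yt-dlp pid, descendant pid, reason) for suspicious descendants.

    A cmd.exe at depth 1 is the shell that runs the --exec template itself
    and is not reported; any listed interpreter deeper than that is.
    """
    children = build_tree(events)
    alerts = []
    for ev in events:
        # Assumption: yt-dlp runs as yt-dlp.exe; a "python -m yt_dlp" launch
        # would need an extra match on the command line.
        if not basename(ev["image"]).startswith("yt-dlp"):
            continue
        if "--exec" not in ev["cmdline"]:
            continue
        for child, depth in descendants(children, ev["pid"]):
            name = basename(child["image"])
            if name in INTERPRETERS and not (depth == 1 and name == "cmd.exe"):
                alerts.append((ev["pid"], child["pid"],
                               f"interpreter {name} at depth {depth}"))
    return alerts


def suspicious_filename(name):
    """True if a downloaded file name contains cmd.exe operator characters."""
    return any(c in CMD_METACHARS for c in name)


if __name__ == "__main__":
    for alert in find_exec_alerts(SAMPLE_EVENTS):
        print("ALERT", alert)
    for fname in ("clip.mp4", "clip & more.mp4"):
        print(fname, "->", "suspicious" if suspicious_filename(fname) else "ok")
```

In a real deployment the same rule would run over the EDR or Sysmon stream rather than a list, and the filename check would be applied to the names yt-dlp actually writes (for example from the verbose log mentioned above) rather than to hand-picked strings.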
How to Mitigate CVE-2025-54072
Immediate Actions Required
- Upgrade yt-dlp to version 2025.07.21 or later immediately on all Windows systems
- Audit existing automation scripts and configurations for usage of the --exec option with vulnerable placeholders
- Temporarily disable any automation using --exec until the upgrade is complete
- Review recent yt-dlp downloads for potentially malicious content
Patch Information
The vulnerability is fixed in yt-dlp version 2025.07.21. The security patch addresses the insufficient sanitization by properly escaping filenames when they are expanded into exec commands, covering the default placeholder and {} that were previously missed. Users should update to this version or later to remediate the vulnerability.
The specific fix can be reviewed in the GitHub Commit, and the complete release notes are available in the yt-dlp Release Notes.
Workarounds
- Avoid using the --exec option entirely until upgrading to the patched version
- Use --write-info-json or --dump-json options instead, and process the JSON output with an external script that properly handles filenames
- If exec functionality is required, use explicit placeholders with proper quoting rather than the default placeholder
- Implement application whitelisting to prevent unauthorized command execution on systems running yt-dlp
# Safe alternative: Use JSON output instead of --exec
# Instead of:
# yt-dlp --exec "process {}" <URL>
# Use this safe alternative:
yt-dlp --write-info-json <URL>
# Then process the JSON file with an external script that properly sanitizes filenames
# Or use dump-json for piping to external processors:
yt-dlp --dump-json <URL> | your-safe-processor-script
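The Root Cause section above describes the weak pattern (a placeholder replaced by plain string substitution and the result handed to the system shell), and the Workarounds section recommends processing yt-dlp's JSON output with an external script instead. The following added example, which is not code from the page or from the yt-dlp project, shows both sides in one place: `unsafe_command()` builds the substituted string only so its shape can be inspected, while `run_safely()` launches the post-processing tool with an argv list and no shell, so the filename always arrives as one argument whatever characters it contains. The embedded JSON is a constructed `.info.json` excerpt; the key name `_filename` is an assumption, so check it against the output of your own yt-dlp version.

```python
"""Post-process a yt-dlp download without handing the filename to a shell.

Added example (not yt-dlp project code). Reads the JSON that
--write-info-json or --dump-json produces and runs the tool with shell=False.
"""
import json
import subprocess
import sys

# Constructed .info.json excerpt. The path deliberately contains '&', which
# cmd.exe treats as a command separator when it appears unquoted.
SAMPLE_INFO_JSON = json.dumps({
    "id": "abc123",
    "title": "clip & more",
    "_filename": r"C:\Users\u\Downloads\clip & more.mp4",  # assumed key name
})


def filename_from_info_json(text):
    """Extract the downloaded file path from yt-dlp JSON output."""
    info = json.loads(text)
    return info["_filename"]  # assumption: verify against your yt-dlp version


def unsafe_command(template, path):
    """The weak pattern from the advisory: substitute, then (elsewhere) run via
    a shell. Returned as a string for inspection only; never executed here.
    With the sample path, cmd.exe would see 'tag.exe C:\\...\\clip' followed
    by a separate command, because nothing quotes the substituted value."""
    return template.replace("{}", path)


def safe_argv(tool_argv, path):
    """Build an argv list: the path is a single element, never re-parsed."""
    return [*tool_argv, path]


def run_safely(tool_argv, path):
    """Run the tool with shell=False and return its stdout."""
    completed = subprocess.run(safe_argv(tool_argv, path),
                               capture_output=True, text=True, check=True)
    return completed.stdout.strip()


def echo_argument(path):
    """Round-trip a path through a child process that prints argv[1].

    Uses the current Python interpreter as a stand-in for the real
    post-processing tool so the example runs on any platform."""
    return run_safely([sys.executable, "-c", "import sys; print(sys.argv[1])"],
                      path)


if __name__ == "__main__":
    path = filename_from_info_json(SAMPLE_INFO_JSON)
    print("substituted string (do not run):", unsafe_command("tag.exe {}", path))
    print("argv list:", safe_argv(["tag.exe"], path))
    print("child received:", echo_argument(path))
```

The point of `echo_argument()` is that the child receives the full path, separator characters included, because the argument list goes to the process directly and no shell ever parses it. Tools that must be invoked through a shell on Windows need the same outcome achieved by quoting, which is what the 2025.07.21 fix adds for the default and `{}` placeholders.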
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.