CVE-2025-54072 | yt-dlp up to 2025.06.25 on Windows Command Line –exec os command injection (GHSA-45hg-7f49-5h56)

A vulnerability, which was classified as critical, was found in yt-dlp up to 2025.06.25 on Windows. This affects an unknown part of the component Command Line Handler. The manipulation of the argument –exec leads to os command injection.

This vulnerability is uniquely identified as CVE-2025-54072. It is possible to initiate the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More