CVE-2025-54072 | yt-dlp up to 2025.06.25 on Windows Command Line --exec os command injection (GHSA-45hg-7f49-5h56 / EUVD-2025-22381)
A vulnerability classified as critical was found in yt-dlp up to 2025.06.25 on Windows. The impacted element is an unknown function of the component Command Line Handler. Such manipulation of the argument --exec leads to os command injection.
This vulnerability is traded as CVE-2025-54072. The attack may be launched remotely. There is no exploit available.
Upgrading the affected component is advised.