How severe is CVE-2025-43858?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.2 out of 10.

What type of vulnerability is CVE-2025-43858?

This is classified as CWE-77, which is a common weakness in software security.

CVE-2025-43858

CRITICAL Year: 2025

CVSS v3 Score

9.2

Critical

Weakness Type

CWE-77

View all →

Vulnerability Description

YoutubeDLSharp is a wrapper for the command-line video downloaders youtube-dl and yt-dlp. In versions starting from 1.0.0-beta4 and prior to 1.1.2, an unsafe conversion of arguments allows the injection of a malicious commands when starting `yt-dlp` from a commands prompt running on Windows OS with the `UseWindowsEncodingWorkaround` value defined to true (default behavior). If a user is using built-in methods from the YoutubeDL.cs file, the value is true by default and a user cannot disable it from these methods. This issue has been patched in version 1.1.2.

CVE-2016-8628

CRITICAL

CVSS:9.1(Critical)

Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitr...

CWE-772016

CVE-2020-24561

CRITICAL

CVSS:9.1(Critical)

A command injection vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow an attacker to execute arbitrary code on an affected system. An attacker must first obtain admin/root privilege...

CWE-772020

CVE-2022-26007

CRITICAL

CVSS:9.1(Critical)

An OS command injection vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to command execution. An attacker ...

CWE-772022

CVE-2022-26415

CRITICAL

CVSS:9.1(Critical)

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x, when running in Appli...

CWE-772022

CVE-2022-32765

CRITICAL

CVSS:9.1(Critical)

An OS command injection vulnerability exists in the sysupgrade command injection functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to arbitrary command exe...

CWE-772022

CVE-2022-4616

CRITICAL

CVSS:9.1(Critical)

The webserver in Delta DX-3021 versions prior to 1.24 is vulnerable to command injection through the network diagnosis page. This vulnerability could allow a remote unauthenticated user to add files, ...

CWE-772022

CVE-2025-43858

Vulnerability Description

Related Vulnerabilities

CVE-2016-8628

CVE-2020-24561

CVE-2022-26007

CVE-2022-26415

CVE-2022-32765

CVE-2022-4616