CVE-2025-43858: YoutubeDLSharp is a wrapper for the command-line video downloaders youtube-dl and yt-dlp. In versions starting from 1.0.
critical vulnerability
security
Summary
YoutubeDLSharp, a wrapper for command-line video downloaders, is vulnerable to command injection on Windows in versions 1.0.0-beta4 through 1.1.1. Attackers can inject malicious commands by exploiting unsafe argument conversion, especially with the Windows encoding workaround, which is enabled by default. Users cannot disable this workaround through built-in methods, so all applications using these versions are potentially vulnerable.
Solution / Mitigation
Update to version 1.1.2, which contains the patch for this vulnerability.
Vulnerability Details
CVSS Score
9.2 (critical)
EPSS (30-day exploit probability)
EPSS: 0.2%
Classification
Attack Sophistication: Moderate
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-43858
First tracked: February 15, 2026 at 08:52 PM
Classified by LLM (prompt v3) · confidence: 95%