Unsafe JavaScript Evaluation in pyload Download Manager
CVE-2025-53890
Currently unrated
What is CVE-2025-53890?
A significant vulnerability exists in pyload's CAPTCHA processing, which is susceptible to unsafe JavaScript evaluation. This flaw enables unauthenticated remote attackers to execute arbitrary code within the client's browser. Such exploitation does not require user interaction or authentication, leading to critical security risks, including session hijacking and credential theft. If successfully exploited, this vulnerability can affect both the client-side and potentially the backend server, exposing users to severe threats. The issue has been addressed in version 0.5.0b3.dev89.