CVE-2025-10472

Summary

A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function download_video/stream_video of the file app/controllers/v1/video.py of the component URL Handler. The manipulation of the argument file_path leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
harry0703MoneyPrinterTurbo1.2.0affected
harry0703MoneyPrinterTurbo1.2.1affected
harry0703MoneyPrinterTurbo1.2.2affected
harry0703MoneyPrinterTurbo1.2.3affected
harry0703MoneyPrinterTurbo1.2.4affected
harry0703MoneyPrinterTurbo1.2.5affected
harry0703MoneyPrinterTurbo1.2.6affected

Weaknesses

  • CWE-22: Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

Additional References

References