CVE-2025-7895

Summary

A vulnerability, which was classified as critical, was found in harry0703 MoneyPrinterTurbo up to 1.2.6. Affected is the function upload_bgm_file of the file app/controllers/v1/video.py of the component File Extension Handler. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely.

Affected Software

VendorProductVersion RangeStatus
harry0703MoneyPrinterTurbo1.2.0affected
harry0703MoneyPrinterTurbo1.2.1affected
harry0703MoneyPrinterTurbo1.2.2affected
harry0703MoneyPrinterTurbo1.2.3affected
harry0703MoneyPrinterTurbo1.2.4affected
harry0703MoneyPrinterTurbo1.2.5affected
harry0703MoneyPrinterTurbo1.2.6affected

Weaknesses

  • CWE-434: Unrestricted Upload
  • CWE-284: Improper Access Controls

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References