Unrestricted File Upload Vulnerability in MoneyPrinterTurbo by Harry0703
CVE-2025-7895

5.3MEDIUM

Key Information:

Vendor

Harry0703

Status
Moneyprinterturbo
Vendor
CVE Published:
20 July 2025

What is CVE-2025-7895?

A vulnerability has been identified in MoneyPrinterTurbo versions up to 1.2.6 in the upload_bgm_file function located in app/controllers/v1/video.py. This flaw allows attackers to manipulate the input argument for file uploads, resulting in unrestricted file upload capabilities. By exploiting this vulnerability, an attacker can initiate a remote attack, potentially leading to unauthorized access and execution of malicious files on the server. It is imperative for users of MoneyPrinterTurbo to take necessary precautions to safeguard their systems.

Affected Version(s)

MoneyPrinterTurbo 1.2.0

MoneyPrinterTurbo 1.2.1

MoneyPrinterTurbo 1.2.2

References

https://vuldb.com/?id.317010
vdb-entrytechnical-description
https://vuldb.com/?ctiid.317010
signaturepermissions-required
https://vuldb.com/?submit.608940
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

zhangjx (VulDB User)
.
CVE-2025-7895 : Unrestricted File Upload Vulnerability in MoneyPrinterTurbo by Harry0703