Missing Authentication Flaw in MoneyPrinterTurbo API by harry0703
CVE-2025-7897

6.9MEDIUM

Key Information:

Vendor: Harry0703
Status: Moneyprinterturbo
Vendor: CVE Published:; 20 July 2025

What is CVE-2025-7897?

A vulnerability has been identified in the MoneyPrinterTurbo application developed by harry0703, specifically in version 1.2.6. This flaw resides in the 'verify_token' function located in the API Endpoint, file app/controllers/base.py. It allows for an exploitation scenario where an attacker can bypass authentication protocols, potentially leading to unauthorized access. Such manipulation can be executed remotely, posing a significant risk to the integrity and security of the application.

Affected Version(s)

MoneyPrinterTurbo 1.2.0

MoneyPrinterTurbo 1.2.1

MoneyPrinterTurbo 1.2.2

References

https://vuldb.com/?id.317012

vdb-entrytechnical-description

https://vuldb.com/?ctiid.317012

signaturepermissions-required

https://vuldb.com/?submit.609040

third-party-advisory

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 20, 2025
Vulnerability Reserved
Jul 19, 2025

Credit

zhangjx (VulDB User)