CVE-2025-7895
BaseFortify
Publication date: 2025-07-20
Last updated on: 2025-11-20
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| harry0703 | moneyprinterturbo | to 1.2.6 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7895 is a critical vulnerability in the harry0703 MoneyPrinterTurbo software (up to and including version 1.2.6) affecting the function upload_bgm_file. The function only checks whether the uploaded filename ends in '.mp3' and never inspects the file content, so an attacker can upload arbitrary data under an '.mp3' name. There is no file size limit, which opens the way to resource exhaustion, and the filename is not sanitized, so a name containing directory components can be used to write outside the intended upload directory and overwrite important files. Together, the extension-only check, the missing size limit and the unsafe filename handling amount to an unrestricted file upload that is reachable remotely. [1, 2]
How can this vulnerability impact me?
This vulnerability can impact you by allowing remote attackers to upload arbitrary and potentially malicious files to your system. This can lead to overwriting critical system files, executing malicious code, exhausting storage resources, and compromising the confidentiality, integrity, and availability of your system. The unrestricted file upload can be exploited remotely with ease, posing significant security risks. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can focus on the vulnerable endpoint, the upload_bgm_file function in app/controllers/v1/video.py. Because the only check is the '.mp3' extension, look for uploaded files that carry a '.mp3' name but do not contain audio, that are unusually large, or whose names contain path separators or traversal sequences. Web server or reverse-proxy logs can be reviewed for multipart POST requests to the upload endpoint, and network monitoring can alert on the same traffic. To confirm the weakness in a test environment, upload a non-audio file under a '.mp3' name with curl, for example curl -F "<field>=@<crafted>.mp3" http://target/upload_endpoint, where the form field name, the file and the endpoint path are placeholders to be taken from the application, and check whether the server accepts and stores it. Scanning the upload directory for files with suspicious names or unexpected content types also helps detect exploitation attempts. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or restricting the file upload functionality in MoneyPrinterTurbo version 1.2.6 or earlier until a patch is available. If disabling is not possible, validate uploaded files beyond the file extension: check the leading bytes for an MP3 signature, verify the declared MIME type, and scan file contents. Enforce a maximum file size to prevent resource exhaustion, and sanitize filenames by stripping directory components and rejecting traversal sequences so that an upload can never land outside the upload directory or overwrite an existing file. Since no known countermeasures or patches are currently available, consider replacing the affected product with an alternative. Monitoring and blocking suspicious upload attempts at the network or application firewall level can also reduce risk. [2, 1]
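As an added example that is not MoneyPrinterTurbo's own code and not part of this advisory, the following puts the weak pattern the answers above describe next to a hardened version, and adds the upload-directory scan the detection answer suggests. The size limit, the allowed filename character set, the ID3/frame-sync content check and the sample files are assumptions of this example; the project's real endpoint, form field name and storage path are not shown here.

```python
import posixpath
import re
import tempfile
from pathlib import Path
from typing import List, Optional, Tuple

# Assumed policy values for this example, not the project's own settings.
MAX_BGM_BYTES = 20 * 1024 * 1024
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,99}$")


def vulnerable_accepts(filename: str) -> bool:
    """The weak check the advisory describes: extension only, nothing else."""
    return filename.lower().endswith(".mp3")


def vulnerable_target_path(upload_dir: str, filename: str) -> str:
    """Unsanitised join: a name such as '../../x.mp3' escapes upload_dir."""
    return posixpath.normpath(posixpath.join(upload_dir, filename))


def looks_like_mp3(head: bytes) -> bool:
    """Minimal content check: an ID3v2 tag or an MPEG audio frame sync (11 set bits).
    This is a floor, not proof of a well-formed file; a real decoder is stronger."""
    if head[:3] == b"ID3":
        return True
    return len(head) >= 2 and head[0] == 0xFF and (head[1] & 0xE0) == 0xE0


def safe_filename(name: str) -> Optional[str]:
    """Drop any directory component and allow only a conservative character set."""
    base = posixpath.basename(name.replace("\\", "/"))
    if base in ("", ".", "..") or not SAFE_NAME.match(base):
        return None
    if not base.lower().endswith(".mp3"):
        return None
    return base


def validate_upload(filename: str, data: bytes, max_bytes: int = MAX_BGM_BYTES) -> Tuple[bool, str]:
    """Hardened check: sanitised name, size limit, then content signature."""
    safe = safe_filename(filename)
    if safe is None:
        return False, "rejected: unsafe filename"
    if len(data) > max_bytes:
        return False, "rejected: exceeds size limit"
    if not looks_like_mp3(data[:4]):
        return False, "rejected: content is not MP3"
    return True, safe


def save_upload(upload_dir: str, filename: str, data: bytes) -> Path:
    """Write only inside the upload root, even if a sanitiser bug slipped through."""
    ok, info = validate_upload(filename, data)
    if not ok:
        raise ValueError(info)
    root = Path(upload_dir).resolve()
    dest = (root / info).resolve()
    if dest.parent != root:
        raise ValueError("rejected: path escapes upload directory")
    dest.write_bytes(data)
    return dest


def scan_upload_dir(upload_dir: str, max_bytes: int = MAX_BGM_BYTES) -> List[Tuple[str, str]]:
    """Detection side: flag files whose name, size or leading bytes do not fit a BGM upload."""
    findings = []
    for path in sorted(Path(upload_dir).rglob("*")):
        if not path.is_file():
            continue
        if safe_filename(path.name) is None:
            findings.append((path.name, "suspicious filename"))
            continue
        if path.stat().st_size > max_bytes:
            findings.append((path.name, "oversized"))
            continue
        with open(path, "rb") as fh:
            head = fh.read(4)
        if not looks_like_mp3(head):
            findings.append((path.name, "non-audio content under .mp3 name"))
    return findings


def demo() -> List[Tuple[str, str]]:
    """Constructed sample data: one genuine-looking MP3 and two files that should be flagged."""
    tmp = tempfile.mkdtemp()
    (Path(tmp) / "intro.mp3").write_bytes(b"ID3\x04\x00\x00\x00\x00\x00\x00")
    (Path(tmp) / "cron.mp3").write_bytes(b"#!/bin/sh\necho hello\n")  # a script in .mp3 clothing
    (Path(tmp) / "notes.txt").write_bytes(b"not audio")              # name that should never be here
    return scan_upload_dir(tmp)


if __name__ == "__main__":
    print(vulnerable_accepts("../../etc/cron.d/job.mp3"), vulnerable_target_path("/srv/bgm", "../../etc/cron.d/job.mp3"))
    print(validate_upload("job.mp3", b"#!/bin/sh\n"))
    print(demo())
```

The header check accepts anything that starts with an ID3 tag or an MPEG frame sync, so it stops plain scripts and text but not a crafted file that carries a valid prefix; it is a cheap first gate, and the size limit and the resolved-path check in save_upload are what remove the resource-exhaustion and overwrite angles the advisory names.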