CVE-2025-7896
BaseFortify

Publication date: 2025-07-20

Last updated on: 2025-11-20

Assigner: VulDB

Description
A vulnerability classified as critical has been found in harry0703 MoneyPrinterTurbo up to and including version 1.2.6. Affected are the functions download_video and delete_video in the file app/controllers/v1/video.py: manipulation of the file path argument leads to path traversal (CWE-22). The attack can be launched remotely.
Meta Information
Generated: 2026-05-07
AI Q&A: 2025-07-20
EPSS evaluated: 2026-05-05
External references: NVD, EUVD
Affected Vendors & Products
Vendor: harry0703
Product: moneyprinterturbo
Version / Range: up to 1.2.6 (inclusive)
CWE
CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, "Path Traversal"): The product uses external input to construct a pathname that is intended to identify a file or directory located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause it to resolve to a location outside of the restricted directory.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-7896 is a critical path traversal vulnerability (CWE-22) in MoneyPrinterTurbo up to and including version 1.2.6. It is located in the download_video and delete_video functions of the file app/controllers/v1/video.py. The file_path parameter is used to build a filesystem path without being validated or sanitized, so an attacker can supply relative path sequences such as ../ (or their percent-encoded forms) and make the resulting path resolve outside the directory the endpoint is meant to serve. Because the affected endpoints are reachable over the network, the attack can be launched remotely. [1, 2, 3]


How can this vulnerability impact me?

A remote attacker can use download_video to read files outside the intended directory, limited only by what the application's process account can access, which can disclose configuration, credentials or other sensitive data and enable further attacks. The same traversal in delete_video lets the attacker point the endpoint at files it was never meant to remove, which affects integrity and availability rather than just confidentiality. The vulnerability does not require local access or authentication to be exploited. [1, 2, 3]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Exploitation attempts can be detected by reviewing requests to the download_video and delete_video endpoints for path traversal sequences in the file_path parameter. Look for '../' as a whole path segment, for its percent-encoded variants such as '%2e%2e%2f', '..%2f' and the double-encoded '%252e%252e%252f', and for absolute paths. The exact commands depend on your environment, but searching web server or application logs is a good start. Note that grep treats '.' as a wildcard, so the literal sequence must be fixed-string or escaped: grep -rF -- '../' /path/to/logs finds raw traversal, and grep -rEi -- '(\.\.|%2e%2e)(/|%2f|\\|%5c)' /path/to/logs also catches encoded forms. A 2xx response to such a request indicates the handler served or removed something, so treat those lines as likely successes rather than mere attempts. Monitoring network traffic for HTTP requests with these parameter patterns targeting the affected endpoints helps in the same way. [1, 2, 3]
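As an added example, not code from the BaseFortify page or from MoneyPrinterTurbo, the following Python scans access-log lines for traversal in the file_path parameter, decoding single- and double-encoded payloads before matching and flagging 2xx responses as likely successes. The log lines are constructed, and the route paths /api/v1/download/... and /api/v1/delete/... are assumptions standing in for the affected endpoints.

```python
import re
import urllib.parse

# Constructed sample access-log lines (not real traffic). The route paths and
# the file_path query parameter name are assumptions for this example.
SAMPLE_LOG = """\
10.0.0.5 - - [20/Jul/2025:10:01:02 +0000] "GET /api/v1/download/task-1?file_path=final-1.mp4 HTTP/1.1" 200 512000
203.0.113.9 - - [20/Jul/2025:10:03:14 +0000] "GET /api/v1/download/task-1?file_path=../../../../etc/passwd HTTP/1.1" 200 2048
203.0.113.9 - - [20/Jul/2025:10:03:40 +0000] "GET /api/v1/download/task-1?file_path=..%2f..%2f..%2fconfig.toml HTTP/1.1" 404 22
198.51.100.7 - - [20/Jul/2025:10:05:00 +0000] "DELETE /api/v1/delete/task-1?file_path=%252e%252e%252f%252e%252e%252fapp%252fconfig.toml HTTP/1.1" 200 15
10.0.0.5 - - [20/Jul/2025:10:06:30 +0000] "GET /api/v1/download/task-1?file_path=clip..mp4 HTTP/1.1" 200 4096
"""

# Combined-log-style request line: client IP, method, request target, status.
REQUEST = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# '..' only as a whole path segment with either separator; 'clip..mp4' is not a hit.
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")


def fully_unquote(value: str, limit: int = 3) -> str:
    """Percent-decode repeatedly (bounded) so double-encoded payloads such as
    %252e%252e%252f are examined in their final form."""
    for _ in range(limit):
        decoded = urllib.parse.unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_traversal(log_text: str, param: str = "file_path") -> list:
    """Return one record per request whose `param` value escapes the base
    directory: a '..' segment or an absolute path after decoding."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        query = urllib.parse.urlsplit(m.group("target")).query
        # parse_qs decodes one layer of percent-encoding; fully_unquote does the rest.
        for raw in urllib.parse.parse_qs(query, keep_blank_values=True).get(param, []):
            decoded = fully_unquote(raw)
            if TRAVERSAL.search(decoded) or decoded.startswith(("/", "\\")):
                status = int(m.group("status"))
                hits.append({
                    "ip": m.group("ip"),
                    "method": m.group("method"),
                    "status": status,
                    "file_path": decoded,
                    # A 2xx on a traversal request means the handler served or
                    # removed something: a likely success, not just an attempt.
                    "likely_success": 200 <= status < 300,
                })
    return hits


if __name__ == "__main__":
    for hit in find_traversal(SAMPLE_LOG):
        print(hit)
```

Run against the constructed log it reports the three traversal requests and skips both benign lines, including the one whose file name merely contains two dots; the 404 on the third line is reported but marked as not a likely success.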


What immediate steps should I take to mitigate this vulnerability?

First check whether the project has published a release later than 1.2.6 that addresses this issue and upgrade if so. The advisory records no known countermeasure, so if no fix is available, restrict or disable access to the affected functions (download_video and delete_video), for example by placing the service behind authentication or a network allow-list, or replace the component with an alternative. Independently of that, apply strict validation to the file_path parameter: resolve the joined path and reject any value that does not stay inside the intended directory, rather than only filtering '../' substrings, which misses encoded and absolute-path variants. Monitoring and blocking requests containing path traversal patterns reduces exposure but does not remove the flaw. [3]
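To make the validation described above concrete, here is an added Python example that is not MoneyPrinterTurbo's code. It contrasts the unsafe pattern the advisory describes in the explanation and mitigation answers (joining a caller-supplied file_path onto a base directory with no containment check) with a hardened resolver. The base directory TASKS_DIR and the function names are assumptions for this example.

```python
import os
import urllib.parse

# Assumed base directory standing in for the per-task output directory the
# video endpoints serve from (not the project's real path).
TASKS_DIR = "/srv/app/storage/tasks"


def resolve_vulnerable(file_path: str, base_dir: str = TASKS_DIR) -> str:
    """The unsafe pattern: the caller-controlled value is joined onto the base
    directory with no containment check. '..' segments walk out of base_dir,
    and os.path.join discards base_dir entirely when file_path is absolute."""
    return os.path.normpath(os.path.join(base_dir, file_path))


def resolve_safe(file_path: str, base_dir: str = TASKS_DIR) -> str:
    """Hardened resolution: percent-decode (in case the framework did not, or the
    value was double-encoded), reject NUL bytes, resolve symlinks with realpath,
    and require the result to lie strictly inside base_dir."""
    decoded = urllib.parse.unquote(file_path)
    if "\x00" in decoded:
        raise ValueError("NUL byte in file_path")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, decoded))
    # commonpath is the containment test; a plain startswith() would accept
    # '/srv/app/storage/tasks-evil/x' as being under '/srv/app/storage/tasks'.
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"file_path escapes {base_dir}: {file_path!r}")
    return candidate


def is_safe_path(file_path: str, base_dir: str = TASKS_DIR) -> bool:
    """True if resolve_safe accepts file_path, False if it rejects it."""
    try:
        resolve_safe(file_path, base_dir)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    for p in ["task-1/final-1.mp4", "../../../../etc/passwd",
              "%2e%2e%2f%2e%2e%2fetc%2fpasswd", "/etc/passwd", "../tasks-evil/x.mp4"]:
        print(f"{p!r:40} vulnerable -> {resolve_vulnerable(p):32} safe -> {is_safe_path(p)}")
```

The vulnerable resolver turns "../../../../etc/passwd" and "/etc/passwd" into "/etc/passwd" directly; the hardened one accepts only paths that resolve under TASKS_DIR, so encoded traversal, absolute paths, sibling directories that merely share the prefix, and the directory itself are all rejected, and the returned path is the one that should then be opened or deleted.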

