CVE-2025-7895CRITICAL 9.8EPSS p27.4%

CVE-2025-7895CVE-2025-7895

Description

A vulnerability, which was classified as critical, was found in harry0703 MoneyPrinterTurbo up to 1.2.6. Affected is the function upload_bgm_file of the file app/controllers/v1/video.py of the component File Extension Handler. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.36% probability of exploitation · percentile 27.4% · 2026-06-19T12:03:05Z
Published2025-07-20
Last modified2025-11-20

Underlying weaknesses· 2

CWE-284CWE-434

References

  1. https://vuldb.com/?ctiid.317010
  2. https://vuldb.com/?id.317010
  3. https://vuldb.com/?submit.608940

2

TypeTargetConfidenceTier
WeaknessImproper Access Controlcwe-2840%live
WeaknessUnrestricted Upload of File with Dangerous Typecwe-4340%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-11607
CVE
CVE-2025-7897
CVE
CVE-2025-3115
CVE
CVE-2025-46001
CVE
CVE-2025-63994
CVE
CVE-2025-41735
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.