Vulnerability Details CVE-2025-7895
A vulnerability, which was classified as critical, was found in harry0703 MoneyPrinterTurbo up to 1.2.6. Affected is the function upload_bgm_file of the file app/controllers/v1/video.py of the component File Extension Handler. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 9.1%
CVSS Severity
CVSS v3 Score 6.3
CVSS v2 Score 6.5
References
Products affected by CVE-2025-7895
-
cpe:2.3:a:harry0703:moneyprinterturbo:*