Skip to main content
CVE Vulnerability Database

CVE-2025-7895: Moneyprinterturbo RCE Vulnerability

CVE-2025-7895 is a critical remote code execution vulnerability in Harry0703 Moneyprinterturbo caused by unrestricted file upload. This article covers technical details, affected versions, impact, and mitigation strategies.

Published:

CVE-2025-7895 Overview

A critical unrestricted file upload vulnerability has been identified in harry0703 MoneyPrinterTurbo versions up to and including 1.2.6. The vulnerability exists in the upload_bgm_file function within the app/controllers/v1/video.py file, specifically in the File Extension Handler component. This flaw allows attackers to bypass file type restrictions and upload arbitrary files, potentially leading to remote code execution on affected systems.

Critical Impact

Remote attackers can exploit insufficient file extension validation to upload malicious files, potentially gaining unauthorized access or executing arbitrary code on servers running vulnerable versions of MoneyPrinterTurbo.

Affected Products

  • harry0703 MoneyPrinterTurbo versions up to 1.2.6

Discovery Timeline

  • 2025-07-20 - CVE-2025-7895 published to NVD
  • 2025-11-20 - Last updated in NVD database

Technical Details for CVE-2025-7895

Vulnerability Analysis

This vulnerability is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type) and CWE-284 (Improper Access Control). The vulnerable function upload_bgm_file in the video controller fails to properly validate file extensions before processing uploaded files. This allows attackers to upload files with dangerous extensions that could be executed by the server or used to compromise the application.

The attack can be launched remotely over the network, requiring low privileges but no user interaction. The vulnerability affects the confidentiality, integrity, and availability of the system, as successful exploitation could allow attackers to read sensitive data, modify system files, or disrupt service availability.

Root Cause

The root cause of this vulnerability lies in the inadequate validation of file extensions within the File Extension Handler component. The upload_bgm_file function in app/controllers/v1/video.py does not implement proper checks to ensure that uploaded files conform to expected file types. This oversight allows attackers to manipulate the file argument to upload files with arbitrary extensions, bypassing intended security restrictions.

Attack Vector

The attack vector is network-based, allowing remote exploitation. An authenticated attacker with low-level privileges can craft malicious requests to the file upload endpoint, manipulating the file parameter to upload arbitrary file types. The lack of proper file extension validation means that dangerous file types such as executable scripts, web shells, or configuration files could be uploaded to the server.

Successful exploitation could enable an attacker to:

  • Upload web shells for persistent access
  • Execute arbitrary code on the server
  • Modify application configurations
  • Access sensitive data stored on the system

For detailed technical information about this vulnerability, refer to the VulDB entry.

Detection Methods for CVE-2025-7895

Indicators of Compromise

  • Unusual file uploads to the BGM upload endpoint with unexpected file extensions
  • Presence of executable files or scripts in upload directories
  • Web shell files appearing in application directories
  • Unexpected HTTP requests to the /v1/video endpoint with file upload parameters

Detection Strategies

  • Monitor file upload endpoints for attempts to upload files with suspicious extensions such as .php, .py, .sh, .exe, or .jsp
  • Implement file integrity monitoring on upload directories to detect unauthorized file additions
  • Review web application logs for anomalous upload patterns or repeated failed upload attempts
  • Deploy web application firewall (WAF) rules to inspect and block malicious file upload attempts

Monitoring Recommendations

  • Enable detailed logging for the upload_bgm_file function and related file upload operations
  • Set up alerts for file uploads that bypass extension validation or contain suspicious content
  • Monitor server processes for execution of files from upload directories
  • Implement regular security scans of application directories to identify potentially malicious files

How to Mitigate CVE-2025-7895

Immediate Actions Required

  • Upgrade MoneyPrinterTurbo to a version newer than 1.2.6 when available
  • Review and restrict file upload permissions on the affected endpoint
  • Implement additional file type validation at the application and server level
  • Audit upload directories for any suspicious files that may have been uploaded

Patch Information

As of the last update, users should check the official harry0703 MoneyPrinterTurbo repository for security patches addressing this vulnerability. Monitor vendor communications for patch releases that address the unrestricted file upload issue in the upload_bgm_file function.

Workarounds

  • Implement a whitelist of allowed file extensions for the BGM upload functionality, permitting only audio formats such as .mp3, .wav, and .ogg
  • Add server-side validation to verify file content matches the declared file type using MIME type checking
  • Configure web server to prevent execution of uploaded files by disabling script execution in upload directories
  • Restrict access to the vulnerable endpoint to trusted users only until a patch is available
  • Consider using a separate storage service for uploads that is isolated from the application server
bash
# Example nginx configuration to prevent script execution in upload directories
location /uploads/ {
    # Disable script execution
    location ~ \.(php|py|sh|pl|cgi)$ {
        deny all;
    }
    
    # Only allow audio file types
    location ~ \.(mp3|wav|ogg|flac|aac)$ {
        allow all;
    }
}

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.