CVE-2025-10472
📋 TL;DR
A path traversal vulnerability in MoneyPrinterTurbo allows attackers to access arbitrary files on the server by manipulating the file_path parameter in video download/stream functions. This affects all MoneyPrinterTurbo installations up to version 1.2.6. Remote attackers can potentially read sensitive system files.
💻 Affected Systems
- harry0703 MoneyPrinterTurbo
⚠️ Risk & Real-World Impact
Worst Case
Attackers could read sensitive system files like /etc/passwd, configuration files, or application source code, potentially leading to credential theft, privilege escalation, or further exploitation.
Likely Case
Unauthorized reading of application configuration files, user data, or other sensitive files stored on the server.
If Mitigated
Limited to reading files accessible by the application's service account, with no write or execution capabilities.
🎯 Exploit Status
Exploit details have been publicly disclosed and remote exploitation is possible without authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 1.2.6
Vendor Advisory: https://github.com/harry0703/MoneyPrinterTurbo
Restart Required: Yes
Instructions:
1. Update MoneyPrinterTurbo to the latest version from the official GitHub repository.
2. Restart the application service.
3. Verify the fix by testing the vulnerable endpoint.
🔧 Temporary Workarounds
Input Validation and Sanitization
Implement strict input validation on the file_path parameter. Rejecting the literal strings '../' and '..\' is not enough on its own: decode the value, then canonicalize the resolved path and confirm it still lies under the intended storage directory before opening it.
Web Application Firewall Rules
Configure WAF rules to block requests containing path traversal patterns like '../', '..\', or absolute paths, including their percent-encoded forms (for example %2e%2e%2f). Treat this as a stopgap, not a fix; WAF pattern matching can be bypassed by encodings the rule does not cover.
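The two workarounds above both hinge on the same check: after decoding, the requested path must still resolve to a location under the storage directory. The following is an added example, not code from the MoneyPrinterTurbo project, that shows the vulnerable join-and-normalize pattern beside a canonicalize-and-confine check. The storage root `/srv/mpt/storage` and the function names are assumptions for illustration; the project's real storage location and endpoint code are not reproduced here.

```python
import os
from pathlib import Path
from urllib.parse import unquote


def resolve_unsafe(base_dir: str, file_path: str) -> str:
    """The vulnerable pattern: join attacker-controlled input under the storage
    root and normalise. normpath happily walks '..' back out of base_dir."""
    return os.path.normpath(os.path.join(base_dir, file_path))


def resolve_safe(base_dir: str, file_path: str) -> Path:
    """Canonicalise and confine: the result must be a path strictly below
    base_dir after '..' segments and symlinks are resolved, else ValueError."""
    # Decode once so percent-encoded dots and slashes are seen, and treat
    # backslashes as separators so '..\' is handled the same as '../'.
    decoded = unquote(file_path).replace("\\", "/")
    if "\x00" in decoded:
        raise ValueError("NUL byte in file_path")
    base = Path(base_dir).resolve()
    # Joining an absolute right-hand side discards base, so an absolute
    # file_path ends up outside base and is caught by the check below.
    candidate = (base / decoded).resolve()
    if candidate == base:
        raise ValueError("file_path must name a file, not the storage root")
    try:
        # relative_to compares path components, not string prefixes, so
        # '/srv/mpt/storage2/x' is correctly rejected for base '/srv/mpt/storage'.
        candidate.relative_to(base)
    except ValueError:
        raise ValueError(f"file_path escapes the storage root: {file_path!r}") from None
    return candidate


def is_safe(base_dir: str, file_path: str) -> bool:
    """True when resolve_safe accepts the input; convenient for tests and logging."""
    try:
        resolve_safe(base_dir, file_path)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Hypothetical storage root used only for illustration.
    root = "/srv/mpt/storage"
    for p in ["tasks/abc123/final-1.mp4", "../../../etc/passwd",
              "%2e%2e/%2e%2e/%2e%2e/etc/passwd", "..\\..\\..\\etc\\passwd",
              "/etc/passwd"]:
        print(f"{p!r}\n  unsafe join -> {resolve_unsafe(root, p)}\n  accepted    -> {is_safe(root, p)}")
```

Because `resolve()` follows symlinks, a link inside the storage directory that points outside it is also rejected; if the application legitimately serves files through such links, confine to the link's parent instead of the final target. Frameworks such as FastAPI already decode the query string once, so the `unquote` here mainly catches a second layer of encoding; it is not a substitute for the confinement check.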
🧯 If You Can't Patch
- Implement network segmentation to restrict access to MoneyPrinterTurbo instances
- Deploy a reverse proxy with strict input validation and path sanitization
🔍 How to Verify
Check if Vulnerable:
Test the /download_video or /stream_video endpoints with a file_path parameter containing '../' sequences to see if it returns files outside the intended directory.
Check Version:
Check the application version shown in the web interface or in the project's configuration files. For a deployment run from a git checkout, run `git describe --tags` (or `git log -1`) in the repository directory to see which release or commit is deployed; for a Docker deployment, check the image tag. The project is not installed as a pip package, so a `python -c "import ..."` version check does not apply.
Verify Fix Applied:
After patching, attempt the same path traversal test and verify it returns an error or sanitized path instead of accessing arbitrary files.
📡 Detection & Monitoring
Log Indicators:
- HTTP requests to /download_video or /stream_video with file_path containing '../', '..\', or absolute paths, including percent-encoded forms such as %2e%2e%2f and double-encoded %252e%252e%252f
- Unusual file access patterns from the application service account
Network Indicators:
- HTTP requests with path traversal sequences in parameters
- Responses containing unexpected file contents
SIEM Query:
source="web_logs" AND (uri_path="/download_video" OR uri_path="/stream_video") AND (param_file_path="*../*" OR param_file_path="*..\\*" OR param_file_path="/*")
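A SIEM wildcard match on the raw parameter misses encoded variants, and it does not distinguish an attempt from a successful read. The following is an added example, not part of the original advisory, that decodes the file_path parameter from constructed nginx-style access log lines (the log lines, IP addresses and timestamps are made up for illustration), flags traversal or absolute paths on the two endpoints the advisory names, and uses the HTTP status to separate blocked attempts from requests that returned content.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoints and parameter named in the advisory.
WATCHED_PATHS = {"/download_video", "/stream_video"}
PARAM = "file_path"

# Constructed sample lines in nginx "combined" format; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Sep/2025:12:00:01 +0000] "GET /stream_video?file_path=tasks%2Fabc123%2Ffinal-1.mp4 HTTP/1.1" 200 5120000 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Sep/2025:12:00:09 +0000] "GET /download_video?file_path=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1832 "-" "curl/8.4.0"
198.51.100.7 - - [10/Sep/2025:12:00:10 +0000] "GET /stream_video?file_path=%2Fetc%2Fshadow HTTP/1.1" 403 0 "-" "curl/8.4.0"
198.51.100.9 - - [10/Sep/2025:12:00:15 +0000] "GET /download_video?file_path=%252e%252e%2F%252e%252e%2Fconfig.toml HTTP/1.1" 200 2210 "-" "python-requests/2.32"
203.0.113.5 - - [10/Sep/2025:12:00:20 +0000] "GET /api/v1/tasks?file_path=..%2Fx HTTP/1.1" 404 0 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def decode_param(value: str) -> str:
    """Strip up to two layers of percent-encoding (parse_qs already removed
    one) and unify backslashes so '..\\' is seen as '../'."""
    decoded = value
    for _ in range(2):
        decoded = unquote(decoded)
    return decoded.replace("\\", "/")


def is_traversal(value: str) -> bool:
    """True for an absolute path or any '..' segment after decoding."""
    decoded = decode_param(value)
    return decoded.startswith("/") or ".." in decoded.split("/")


def scan_log(text: str) -> list:
    """Return one hit per traversal attempt against a watched endpoint."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we can parse; skip rather than guess
        parts = urlsplit(m["target"])
        if parts.path not in WATCHED_PATHS:
            continue
        for raw in parse_qs(parts.query, keep_blank_values=True).get(PARAM, []):
            if is_traversal(raw):
                status = m["status"]
                hits.append({
                    "ip": m["ip"],
                    "ts": m["ts"],
                    "endpoint": parts.path,
                    "file_path": decode_param(raw),
                    "status": status,
                    # A 2xx on a traversal request means the server returned
                    # something and the read must be treated as successful.
                    "outcome": "success" if status.startswith("2") else "blocked",
                })
    return hits


if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print(f"{h['ts']} {h['ip']} {h['endpoint']} {h['file_path']!r} "
              f"-> {h['status']} ({h['outcome']})")
```

The last sample line carries a traversal string on an unrelated endpoint and is deliberately not reported, matching the endpoint filter in the SIEM query above; widen `WATCHED_PATHS` if the deployment exposes the file-serving routes under other paths. Hits with outcome `success` should be escalated as confirmed reads, not just attempts.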
🔗 References
- https://vuldb.com/?ctiid.323892
- https://vuldb.com/?id.323892
- https://vuldb.com/?submit.648393
- https://www.notion.so/Path-Traversal-Vulnerability-in-MoneyPrinterTurbo-1-2-6-265014c4d9ca80e38da4deaeee8b46f5?source=copy_link
- https://www.notion.so/Path-Traversal-Vulnerability-in-MoneyPrinterTurbo-1-2-6-265014c4d9ca80e38da4deaeee8b46f5