CVE-2025-49089

6.3 MEDIUM

📋 TL;DR

MoneyPrinterTurbo 1.2.6 contains a path traversal vulnerability that allows attackers to read arbitrary files on the server via specially crafted download requests. This affects all systems running the vulnerable version of this software. Attackers can potentially access sensitive system files like /etc/passwd.

💻 Affected Systems

Products:
  • wangxutech MoneyPrinterTurbo
Versions: 1.2.6
Operating Systems: All operating systems where MoneyPrinterTurbo is installed
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default configuration and requires no special setup to be exploitable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise through reading sensitive configuration files, SSH keys, or database credentials leading to data exfiltration or lateral movement.

🟠 Likely Case

Information disclosure of sensitive files including configuration files, user data, and system information that could enable further attacks.

🟢 If Mitigated

Limited impact if proper file permissions and network segmentation prevent access to critical system files.

🌐 Internet-Facing: HIGH - The vulnerable endpoint is directly accessible via API calls, making internet-facing instances particularly vulnerable to automated scanning and exploitation.
🏢 Internal Only: MEDIUM - Internal instances are still vulnerable but require network access, reducing exposure to external attackers.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only HTTP requests to the vulnerable endpoint with path traversal sequences.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check GitHub repository for latest version

Vendor Advisory: https://github.com/harry0703/MoneyPrinterTurbo

Restart Required: No

Instructions:

1. Visit the GitHub repository.
2. Check for security updates.
3. Update to the latest version.
4. Verify the fix by testing the vulnerable endpoint.

🔧 Temporary Workarounds

Web Application Firewall Rule

all

Block requests containing path traversal sequences in the URL

Access Control

all

Restrict access to the /api/v1/download/ endpoint to trusted IP addresses only

🧯 If You Can't Patch

  • Implement strict file permissions to limit readable files
  • Deploy a reverse proxy with request filtering for path traversal patterns

🔍 How to Verify

Check if Vulnerable:

Send a GET request to /api/v1/download//etc/passwd and check if file contents are returned

Check Version:

Check application version in web interface or configuration files

Verify Fix Applied:

Attempt the same request after patching and verify it returns an error or empty response

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to /api/v1/download/ with multiple slashes or directory traversal sequences
  • Unusual file access patterns from web server process

Network Indicators:

  • HTTP GET requests containing `..` or doubled `//` sequences in the URL path or parameters
  • Requests for known sensitive files like /etc/passwd, /etc/shadow

SIEM Query:

source="web_server" AND (url="/api/v1/download/*" AND (url CONTAINS ".." OR url CONTAINS "//"))
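The log indicators and SIEM query above can be turned into a small detector that flags download requests carrying traversal sequences and marks which ones likely succeeded (HTTP 200 with a non-empty body). This is an added example, not code from MoneyPrinterTurbo or the advisory; the access-log lines are constructed in combined log format and the endpoint path comes from the advisory.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Jun/2025:10:01:02 +0000] "GET /api/v1/download//etc/passwd HTTP/1.1" 200 1432
10.0.0.7 - - [12/Jun/2025:10:01:05 +0000] "GET /api/v1/download/abc123.mp4 HTTP/1.1" 200 8821
10.0.0.9 - - [12/Jun/2025:10:01:09 +0000] "GET /api/v1/download/..%2F..%2Fetc%2Fhosts HTTP/1.1" 404 0
10.0.0.9 - - [12/Jun/2025:10:01:12 +0000] "GET /api/v1/videos HTTP/1.1" 200 512
"""

# ip - user [timestamp] "METHOD path PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\d+|-)'
)

ENDPOINT = "/api/v1/download/"  # vulnerable endpoint named in the advisory


def is_traversal(path: str) -> bool:
    """True if the request targets the download endpoint with a traversal
    sequence. The path is percent-decoded twice so %2e%2e and double-encoded
    %252e variants are caught as well as literal '..' and '//'."""
    decoded = unquote(unquote(path))
    if not decoded.startswith(ENDPOINT):
        return False
    tail = decoded[len(ENDPOINT):]
    # leading '/' (absolute path smuggled in, i.e. the '//' case), parent-dir
    # segments, or backslash variants on Windows hosts
    return tail.startswith("/") or "//" in tail or ".." in tail or "\\" in tail


def scan_log(text: str) -> list:
    """Return one record per suspicious request, in log order."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_traversal(m["path"]):
            continue
        status, size = int(m["status"]), m["size"]
        hits.append({
            "ip": m["ip"],
            "path": m["path"],
            "status": status,
            # a 200 with a non-empty body means the file was most likely served
            "likely_success": status == 200 and size != "-" and int(size) > 0,
        })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```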
