CVE-2025-11607

MEDIUM 6.3

harry0703 MoneyPrinterTurbo API Endpoint music.py upload_music path traversal

CVSS Score

6.3

EPSS Score

0.0%

EPSS Percentile

0th

A weakness has been identified in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function upload_music of the file app/controllers/v1/music.py of the component API Endpoint. Executing a manipulation of the argument File can lead to path traversal. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.

CWE	CWE-22
Vendor	harry0703
Product	moneyprinterturbo
Published	Oct 11, 2025
Last Updated	Feb 24, 2026

Stay Ahead of the Next One

Get instant alerts for harry0703 moneyprinterturbo

Be the first to know when new medium vulnerabilities affecting harry0703 moneyprinterturbo are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

harry0703 / MoneyPrinterTurbo

1.2.0 1.2.1 1.2.2 1.2.3 1.2.4 1.2.5 1.2.6

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.327929 vuldb.com: https://vuldb.com/?ctiid.327929 vuldb.com: https://vuldb.com/?submit.672550 notion.so: https://www.notion.so/Arbitrary-File-Write-Vulnerability-in-MoneyPrinterTurbo-1-2-6-288014c4d9ca809bb411e4fe875d1e22

Credits

🔍 xuanSAMA (VulDB User)