CVE-2025-10472 | harry0703 MoneyPrinterTurbo up to 1.2.6 URL video.py download_video/stream_video file_path path traversal

A vulnerability, which was classified as critical, has been found in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function download_video/stream_video of the file app/controllers/v1/video.py of the component URL Handler. The manipulation of the argument file_path leads to path traversal.

This vulnerability is documented as CVE-2025-10472. The attack can be initiated remotely. Additionally, an exploit exists.VulDB Recent EntriesRead More