CVE-2025-10472

Name of the Vulnerable Software and Affected Versions harry0703 MoneyPrinterTurbo versions through 1.2.6

Description A path traversal vulnerability exists in the download video/stream video function within the app/controllers/v1/video.py file of the URL Handler component. Manipulation of the file path argument can lead to unauthorized access. The attack can be initiated remotely. The exploit has been disclosed to the public.

Recommendations harry0703 MoneyPrinterTurbo versions prior to 1.2.6: Address the path traversal issue by sanitizing or validating the file path argument within the download video/stream video function in app/controllers/v1/video.py.