CVE-2025-7897 | THREATINT

Description

A vulnerability was found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this issue is the function verify_token of the file app/controllers/base.py of the component API Endpoint. The manipulation leads to missing authentication. The attack may be launched remotely.

Eine Schwachstelle wurde in harry0703 MoneyPrinterTurbo bis 1.2.6 gefunden. Sie wurde als kritisch eingestuft. Dies betrifft die Funktion verify_token der Datei app/controllers/base.py der Komponente API Endpoint. Durch die Manipulation mit unbekannten Daten kann eine missing authentication-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren.

Reserved 2025-07-19 | Published 2025-07-20 | Updated 2025-07-20 | Assigner VulDB

MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

HIGH: 7.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R

HIGH: 7.3CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R

7.5AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:ND/RC:UR

Problem types

Missing Authentication

Improper Authentication

Product status

1.2.0

affected

1.2.1

affected

1.2.2

affected

1.2.3

affected

1.2.4

affected

1.2.5

affected

1.2.6

affected

Timeline

2025-07-19:	Advisory disclosed
2025-07-19:	VulDB entry created
2025-07-19:	VulDB entry last update

Credits

zhangjx (VulDB User) reporter

References

vuldb.com/?id.317012 (VDB-317012 | harry0703 MoneyPrinterTurbo API Endpoint base.py verify_token missing authentication) vdb-entry technical-description

vuldb.com/?ctiid.317012 (VDB-317012 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.609040 (Submit #609040 | Harry Yu MoneyPrinterTurbo v1.2.6 未授权访问) third-party-advisory

cve.org (CVE-2025-7897)

nvd.nist.gov (CVE-2025-7897)

Download JSON