
CVE-2025-7896: Path Traversal in harry0703 MoneyPrinterTurbo

Severity: Medium
Published: Sun Jul 20 2025 (07/20/2025, 14:44:04 UTC)
Source: CVE Database V5
Vendor/Project: harry0703
Product: MoneyPrinterTurbo

Description

A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this vulnerability is the function download_video/delete_video of the file app/controllers/v1/video.py. The manipulation leads to path traversal. The attack can be launched remotely.

AI-Powered Analysis

Last updated: 07/28/2025, 01:06:14 UTC

Technical Analysis

CVE-2025-7896 is a path traversal vulnerability in harry0703 MoneyPrinterTurbo, affecting versions 1.2.0 through 1.2.6. The flaw resides in the download_video and delete_video functions in the file app/controllers/v1/video.py. Path traversal occurs when an application builds a filesystem path from user input without canonicalizing it and checking that the result stays inside the intended directory; sequences such as ../ (or their URL-encoded forms) then let the caller reach files outside that directory. Here the user-controlled path feeds a download handler and a delete handler, so an attacker who can reach the API may be able to read, or delete, files outside the application's video storage, with whatever permissions the service account has.

The attack can be launched remotely and needs no user interaction. The CVSS 4.0 vector records low privileges required (PR:L), so some level of access to the application is needed, together with network attack vector (AV:N), low attack complexity (AC:L), no user interaction (UI:N), and low impact on confidentiality, integrity, and availability (VC:L, VI:L, VA:L), for a base score of 5.3 (medium). Although each impact metric is rated low, reading or deleting arbitrary files remotely can still cause real damage: leakage of configuration files or other sensitive data, disruption of the service by deleting its working files, or a foothold for further exploitation. The VulDB description classifies the issue as critical; that is the reporter's own rating, while the CVSS score and vector place it at medium, reflecting the limited impact scope and the privileges required. No exploits in the wild are currently reported, and no patch or mitigation links have been provided yet.
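To make the vulnerability class concrete, the following is an added example, not code from the MoneyPrinterTurbo project: a naive os.path.join of a storage directory with a request-supplied path, beside a hardened resolver that canonicalizes the path and checks containment. The directory layout, file names and the tasks_dir/user_path parameter names are constructed for the illustration. The hardened form is also the kind of check that mitigation recommendation 2 below calls for.

```python
"""Naive path join beside a hardened resolver.

Constructed illustration for CVE-2025-7896's vulnerability class; not code
from MoneyPrinterTurbo. Names (tasks_dir, user_path) and files are invented.
"""
import os
import tempfile
from pathlib import Path


def vulnerable_resolve(tasks_dir: str, user_path: str) -> str:
    # Vulnerable pattern: "../" segments in user_path walk out of tasks_dir,
    # and an absolute user_path makes os.path.join discard tasks_dir entirely.
    return os.path.join(tasks_dir, user_path)


def safe_resolve(tasks_dir: str, user_path: str) -> Path:
    """Return user_path resolved strictly inside tasks_dir, else raise ValueError.

    The check runs on the canonical path (".." and symlinks resolved against
    the real filesystem), not on the raw string, so encoded or nested
    traversal that slips past a "../" substring filter is still caught.
    """
    base = Path(tasks_dir).resolve()
    if Path(user_path).is_absolute():
        raise ValueError("absolute paths are not accepted")
    target = (base / user_path).resolve()
    # Reject the base itself too: a delete handler must never unlink the
    # whole storage directory because the caller sent "" or ".".
    if target == base or not target.is_relative_to(base):  # is_relative_to: Python 3.9+
        raise ValueError(f"path escapes storage directory: {user_path!r}")
    return target


def _raises_value_error(fn) -> bool:
    try:
        fn()
    except ValueError:
        return True
    return False


def demo() -> dict:
    """Exercise both resolvers on a throw-away directory tree; return outcomes."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        tasks = Path(root, "storage", "tasks")
        (tasks / "abc123").mkdir(parents=True)
        (tasks / "abc123" / "final-1.mp4").write_bytes(b"\x00" * 16)
        secret = Path(root, "config.toml")  # constructed file outside the storage tree
        secret.write_text("api_key = 'constructed-example'\n")
        t = str(tasks)

        good = "abc123/final-1.mp4"  # legitimate request: both resolvers agree
        results["legit_ok"] = Path(vulnerable_resolve(t, good)).resolve() == safe_resolve(t, good)

        evil = "../../config.toml"  # two levels up from storage/tasks lands on the secret
        results["vulnerable_escapes"] = Path(vulnerable_resolve(t, evil)).resolve() == secret.resolve()
        results["safe_blocks_traversal"] = _raises_value_error(lambda: safe_resolve(t, evil))

        # Absolute path: os.path.join throws the base away entirely.
        results["vulnerable_absolute"] = vulnerable_resolve(t, str(secret)) == str(secret)
        results["safe_blocks_absolute"] = _raises_value_error(lambda: safe_resolve(t, str(secret)))

        # "." would map a delete onto the whole storage directory.
        results["safe_blocks_base"] = _raises_value_error(lambda: safe_resolve(t, "."))

        try:  # symlink planted inside the tree; None where symlinks are unsupported
            (tasks / "abc123" / "link.mp4").symlink_to(secret)
            results["symlink_blocked"] = _raises_value_error(
                lambda: safe_resolve(t, "abc123/link.mp4"))
        except OSError:
            results["symlink_blocked"] = None
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:24} {outcome}")
```

The containment check is done after Path.resolve(), because the filesystem, not a string filter, decides where a path lands; a blocklist of the literal "../" would miss percent-encoded, backslash and symlink variants that resolve() handles.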

Potential Impact

For European organizations using MoneyPrinterTurbo versions 1.2.0 to 1.2.6, this vulnerability poses a risk of unauthorized file access and deletion on servers running the affected application. This could lead to exposure of sensitive business data, disruption of video-related services, or compromise of server integrity. Organizations in sectors where video processing or management is critical—such as media, finance, or e-commerce—may experience operational disruptions or data breaches. The remote exploitability without user interaction increases the risk of automated attacks or scanning by threat actors. Although the impact on confidentiality, integrity, and availability is rated low individually, the combined effect could facilitate lateral movement or privilege escalation if attackers leverage exposed files or configurations. The absence of known exploits currently reduces immediate risk but does not eliminate the potential for future exploitation. European organizations with regulatory obligations under GDPR must consider the risk of data exposure and potential compliance violations if sensitive files are accessed or deleted.

Mitigation Recommendations

1. As an immediate measure, restrict access to the download_video and delete_video endpoints with network-level controls such as firewalls or API gateways, limiting exposure to trusted IP addresses or internal networks.
2. Validate file path parameters properly: canonicalize the requested path (resolving ../ segments, URL encoding and symlinks) and reject it unless the result stays inside the intended directory. Blocklisting the literal string ../ is not sufficient, since encoded and nested variants bypass it.
3. Enforce application-layer access controls so that a user or process can only reach files within its own authorized directory.
4. Monitor access logs for requests to the affected endpoints that contain traversal sequences, including URL-encoded forms, and for unusual download or delete activity.
5. If possible, run MoneyPrinterTurbo in a container or sandbox under a dedicated least-privilege service account to limit the blast radius of a successful exploit.
6. Engage with the vendor or community to obtain patches or updates addressing this vulnerability, and prioritize timely application once they are available.
7. Audit server file permissions and remove unnecessary read/write privileges from the service account to minimize potential damage.
8. Educate development and operations teams about secure file-handling practices to prevent similar vulnerabilities in future releases.
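As an added example of the log monitoring in recommendation 4 (not part of the original advisory or of the project), the following detector scans access-log lines for traversal sequences aimed at the download and delete endpoints. The route prefixes /api/v1/download/ and /api/v1/tasks/, the IP addresses and the log lines are all constructed assumptions for the illustration, not taken from the project or from any incident.

```python
"""Access-log scan for path traversal attempts against the affected endpoints.

Constructed example for the monitoring recommendation; the route prefixes,
addresses and log lines are assumptions, not taken from the project.
"""
import re
from urllib.parse import unquote

# Assumed route prefixes whose trailing path part is user-controlled.
WATCHED_PREFIXES = ("/api/v1/download/", "/api/v1/tasks/")

# Combined log format: ip ident user [time] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

SAMPLE_LOG = [  # constructed lines
    '203.0.113.7 - - [20/Jul/2025:14:44:04 +0000] "GET /api/v1/download/abc123/final-1.mp4 HTTP/1.1" 200 1048576',
    '203.0.113.7 - - [20/Jul/2025:14:44:09 +0000] "GET /api/v1/download/..%2F..%2Fconfig.toml HTTP/1.1" 200 812',
    '198.51.100.23 - - [20/Jul/2025:14:45:31 +0000] "GET /api/v1/download/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 404 0',
    '198.51.100.23 - - [20/Jul/2025:14:45:40 +0000] "DELETE /api/v1/tasks/..%252F..%252Fstorage HTTP/1.1" 200 0',
    '192.0.2.5 - - [20/Jul/2025:14:46:02 +0000] "GET /api/v1/download/abc123/my...video.mp4 HTTP/1.1" 200 4096',
    '203.0.113.7 - - [20/Jul/2025:14:46:15 +0000] "GET /api/v1/download/....//....//config.toml HTTP/1.1" 404 0',
    '192.0.2.5 - - [20/Jul/2025:14:46:30 +0000] "GET /api/v1/videos?page=1 HTTP/1.1" 200 2210',
    '192.0.2.5 - - [20/Jul/2025:14:47:01 +0000] "DELETE /api/v1/tasks/abc123 HTTP/1.1" 200 0',
]


def normalize(path: str) -> str:
    """Drop the query string, percent-decode until stable (catches %252e
    double encoding), and treat backslashes as separators."""
    path = path.split("?", 1)[0]
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def classify_segments(user_part: str):
    """Return a reason string if the user-controlled part looks like traversal, else None."""
    for seg in user_part.split("/"):
        if seg == "..":
            return "parent-directory segment"
        if re.fullmatch(r"\.{3,}", seg):
            # "....//" payloads target filters that strip "../" once; a real
            # file name consisting only of dots is rare enough to alert on.
            return "dot-only segment (filter-evasion probe)"
    return None


def detect_traversal(lines):
    """Return one hit dict per suspicious request on a watched endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        decoded = normalize(m["path"])
        prefix = next((p for p in WATCHED_PREFIXES if decoded.startswith(p)), None)
        if prefix is None:
            continue
        reason = classify_segments(decoded[len(prefix):])
        if reason:
            hits.append({
                "ip": m["ip"], "method": m["method"], "raw": m["path"],
                "decoded": decoded, "status": int(m["status"]), "reason": reason,
                # A 200 on a traversal request means the server served or deleted something.
                "likely_succeeded": m["status"] == "200",
            })
    return hits


if __name__ == "__main__":
    for h in detect_traversal(SAMPLE_LOG):
        print(f'{h["ip"]:15} {h["method"]:6} {h["status"]} {h["reason"]:40} {h["decoded"]}')
```

The check is segment-based rather than a substring match, so a legitimate file name such as my...video.mp4 is not flagged while ../ in any encoding is; the status code is kept because a 200 response to a traversal request is the signal that separates a probe from a successful read or delete.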


Technical Details

Data Version
5.1
Assigner Short Name
VulDB
Date Reserved
2025-07-19T11:19:54.575Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 687d04b1a83201eaac02eded

Added to database: 7/20/2025, 3:01:05 PM

Last enriched: 7/28/2025, 1:06:14 AM

Last updated: 8/29/2025, 4:05:45 PM
