Vulnerability Details CVE-2025-67419
A Denial of Service (DoS) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to exhaust the application server's resources via the "GET /images" API. The application fails to limit the height of the use-element shadow tree or the dimensions of pattern tiles during the processing of SVG files, resulting in unbounded resource consumption and system-wide denial of service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 22.1%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2025-67419
-
cpe:2.3:a:evershop:evershop:1.0.0
-
cpe:2.3:a:evershop:evershop:1.1.0
-
cpe:2.3:a:evershop:evershop:1.2.0
-
cpe:2.3:a:evershop:evershop:1.2.1
-
cpe:2.3:a:evershop:evershop:1.2.2
-
cpe:2.3:a:evershop:evershop:2.0.0
-
cpe:2.3:a:evershop:evershop:2.0.1
-
cpe:2.3:a:evershop:evershop:2.1.0