Vulnerability Details CVE-2025-67427
A Blind Server-Side Request Forgery (SSRF) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to force the server to initiate an HTTP request via the "GET /images" API. The vulnerability occurs due to insufficient validation of the "src" query parameter, which permits arbitrary HTTP or HTTPS URIs, resulting in unexpected requests against internal and external networks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 9.9%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2025-67427
-
cpe:2.3:a:evershop:evershop:1.0.0
-
cpe:2.3:a:evershop:evershop:1.1.0
-
cpe:2.3:a:evershop:evershop:1.2.0
-
cpe:2.3:a:evershop:evershop:1.2.1
-
cpe:2.3:a:evershop:evershop:1.2.2
-
cpe:2.3:a:evershop:evershop:2.0.0
-
cpe:2.3:a:evershop:evershop:2.0.1
-
cpe:2.3:a:evershop:evershop:2.1.0