CVE-2025-67419
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-05

Last updated on: 2026-01-12

Assigner: MITRE

Description
A Denial of Service (DoS) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to exhaust the application server's resources via the "GET /images" API. The application fails to limit the height of the use-element shadow tree or the dimensions of pattern tiles during the processing of SVG files, resulting in unbounded resource consumption and system-wide denial of service.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-05
Last Modified
2026-01-12
Generated
2026-06-16
AI Q&A
2026-01-05
EPSS Evaluated
2026-06-15
NVD
CVE-2025-67419
EUVD
EUVD-2026-0799
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
evershop evershop to 2.1.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1050 The product has a loop body or loop condition that contains a control element that directly or indirectly consumes platform resources, e.g. messaging, sessions, locks, or file descriptors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Denial of Service (DoS) issue in evershop version 2.1.0 and earlier. It allows unauthenticated attackers to exhaust the application server's resources by exploiting the "GET /images" API. The problem arises because the application does not limit the height of the use-element shadow tree or the dimensions of pattern tiles when processing SVG files, which leads to unbounded resource consumption and ultimately causes a system-wide denial of service.

Impact Analysis

The vulnerability can impact you by causing a denial of service on the evershop application server. An attacker can exploit this flaw to consume excessive server resources, potentially making the application unavailable to legitimate users and disrupting business operations.

Detection Guidance

This vulnerability can be detected by monitoring for unusual or excessive requests to the "GET /images" API endpoint of evershop 2.1.0 and prior. You can use network monitoring tools or web server logs to identify repeated or high-volume GET requests to /images. Additionally, checking for high resource consumption or server slowdowns when processing SVG files may indicate exploitation attempts. Specific commands depend on your environment, but examples include using curl to simulate requests: `curl -v http://your-evershop-server/images` or using tools like tcpdump or Wireshark to capture and analyze traffic targeting the /images endpoint.

Mitigation Strategies

Immediate mitigation steps include restricting or rate-limiting access to the "GET /images" API endpoint to prevent resource exhaustion. Applying input validation or filtering to limit the height of the use-element shadow tree and the dimensions of pattern tiles in SVG files can help. If possible, upgrade to a version of evershop that addresses this vulnerability once available. In the meantime, consider deploying web application firewalls (WAF) rules to block or throttle suspicious requests targeting the /images endpoint.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-67419. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart