CVE-2025-67419
📋 TL;DR
An unauthenticated Denial of Service vulnerability in evershop allows attackers to crash application servers by sending specially crafted SVG image requests. Attackers can exhaust server resources through the /images API endpoint, causing system-wide service disruption. All evershop installations version 2.1.0 and earlier are affected.
💻 Affected Systems
- evershop
📦 What is this software?
Evershop by Evershop
⚠️ Risk & Real-World Impact
Worst Case
Complete application server crash requiring manual restart, extended downtime, and potential data corruption if the server is overwhelmed.
Likely Case
Temporary service unavailability, degraded performance for legitimate users, and increased resource costs from excessive CPU/memory consumption.
If Mitigated
Minimal impact with proper rate limiting, input validation, and resource monitoring in place.
🎯 Exploit Status
Exploitation requires only HTTP GET requests to the vulnerable endpoint with malicious SVG payloads. Public proof-of-concept code is available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: https://github.com/evershopcommerce/evershop
Restart Required: No
Instructions:
1. Monitor the evershop GitHub repository for security updates.
2. Upgrade to a patched version when available.
3. Apply the workarounds below immediately.
🔧 Temporary Workarounds
Rate Limit /images Endpoint
Implement request rate limiting on the /images API endpoint to prevent resource exhaustion attacks.
# Example using nginx rate limiting
limit_req_zone $binary_remote_addr zone=images:10m rate=10r/s;
location /images {
limit_req zone=images burst=20 nodelay;
proxy_pass http://evershop_backend;
}
Block SVG Uploads Temporarily
Disable SVG file processing in the evershop configuration until a patch is available.
# Modify evershop configuration to reject SVG files
# Check evershop documentation for specific configuration options
🧯 If You Can't Patch
- Implement Web Application Firewall (WAF) rules to block malicious SVG payloads targeting the /images endpoint.
- Monitor server resource usage and set up alerts for abnormal CPU/memory spikes from the evershop process.
🔍 How to Verify
Check if Vulnerable:
Check if evershop version is 2.1.0 or earlier and if the /images endpoint accepts SVG files without size/recursion limits.
Check Version:
Check evershop package.json or admin interface for version information.
Verify Fix Applied:
Test that SVG files with excessive shadow tree depth or pattern tile dimensions are rejected or properly limited.
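As an added example (not evershop project code and not from the advisory), a small Node.js guard that bounds SVG element nesting depth and <pattern> tile dimensions before a file reaches the image renderer; it can sit in front of the /images handler or an upload validator. The limits MAX_DEPTH and MAX_TILE, the regex tokeniser and the function names are assumptions.

```javascript
// Added example, not evershop project code: a guard that bounds SVG nesting
// depth and <pattern> tile dimensions before an image reaches the renderer.
// MAX_DEPTH and MAX_TILE are assumed limits, not values from the advisory.
const MAX_DEPTH = 32;   // assumed: deepest element nesting we accept
const MAX_TILE = 4096;  // assumed: largest pattern width/height (user units)

// Tag tokeniser: captures closing slash, tag name, attribute text, self-closing slash.
// A regex scan is enough for a guard; it is not a full XML parser.
const TAG_RE = /<\s*(\/)?\s*([A-Za-z_][\w:.-]*)([^>]*?)(\/)?\s*>/g;

// Read one attribute value (double- or single-quoted) from the raw attribute text.
function attr(attrs, name) {
  const m = new RegExp(`(?:^|\\s)${name}\\s*=\\s*["']([^"']*)["']`).exec(attrs);
  return m ? m[1] : null;
}

// Returns { ok, maxDepth, maxTile, reasons }; ok === false means reject the file.
function checkSvg(svgText) {
  const body = svgText.replace(/<!--[\s\S]*?-->/g, ''); // ignore commented-out tags
  let depth = 0, maxDepth = 0, maxTile = 0;
  for (const m of body.matchAll(TAG_RE)) {
    const [, closing, name, attrs, selfClosing] = m;
    if (closing) { depth = Math.max(0, depth - 1); continue; }
    if (name.toLowerCase() === 'pattern') {
      for (const dim of ['width', 'height']) {
        const v = parseFloat(attr(attrs, dim));
        if (!Number.isNaN(v)) maxTile = Math.max(maxTile, v);
      }
    }
    if (!selfClosing) { depth += 1; maxDepth = Math.max(maxDepth, depth); }
  }
  const reasons = [];
  if (maxDepth > MAX_DEPTH) reasons.push(`nesting depth ${maxDepth} exceeds ${MAX_DEPTH}`);
  if (maxTile > MAX_TILE) reasons.push(`pattern tile ${maxTile} exceeds ${MAX_TILE}`);
  return { ok: reasons.length === 0, maxDepth, maxTile, reasons };
}

// Constructed samples: a benign pattern fill, and two that the guard should reject.
const BENIGN_SVG = '<svg xmlns="http://www.w3.org/2000/svg"><defs><pattern id="p" width="8" height="8">'
  + '<rect width="4" height="4"/></pattern></defs><rect width="100" height="100" fill="url(#p)"/></svg>';
const DEEP_SVG = '<svg>' + '<g>'.repeat(40) + '<rect/>' + '</g>'.repeat(40) + '</svg>';
const HUGE_TILE_SVG = '<svg><pattern id="p" width="100000" height="100000"/></svg>';

for (const [label, svg] of [['benign', BENIGN_SVG], ['deep', DEEP_SVG], ['huge-tile', HUGE_TILE_SVG]]) {
  const r = checkSvg(svg);
  console.log(label, r.ok ? 'accepted' : `rejected: ${r.reasons.join('; ')}`);
}
```

A rejected file should be logged with the client IP and reason so the event feeds the /images indicators in the detection section.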
📡 Detection & Monitoring
Log Indicators:
- High frequency of requests to /images endpoint
- Server error logs showing out-of-memory or timeout errors
- Unusually large SVG file uploads
Network Indicators:
- Spike in traffic to /images endpoint
- Multiple requests with SVG payloads from single IPs
- Abnormal response times from evershop server
SIEM Query:
source="evershop" AND (uri_path="/images" AND (status_code=500 OR response_time>5000)) | stats count by src_ip