CVE-2025-67427

6.5 MEDIUM

📋 TL;DR

A blind Server-Side Request Forgery (SSRF) vulnerability in evershop lets an unauthenticated attacker make the server issue HTTP requests to arbitrary internal or external hosts by supplying a URL in the 'src' parameter of the /images API endpoint. Because the flaw is blind, the attacker does not receive the fetched content in the HTTP response, but can confirm the request against a listener they control and use connection errors or timing to probe internal services. This affects evershop 2.1.0 and earlier versions, potentially exposing internal network resources or enabling further attacks.

💻 Affected Systems

Products:
  • evershop
Versions: 2.1.0 and prior
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all deployments in which the /images API endpoint is reachable by the attacker; no authentication is required.

📦 What is this software?

EverShop is an open-source e-commerce platform built on Node.js and React (repository: https://github.com/evershopcommerce/evershop). The vulnerable component is its /images API endpoint, which takes the image location from the 'src' query parameter.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could access internal services, exfiltrate sensitive data, or chain with other vulnerabilities to achieve remote code execution.

🟠

Likely Case

Information disclosure from internal services, port scanning of internal networks, or abuse of server resources for external attacks.

🟢

If Mitigated

With the 'src' parameter validated and outbound traffic restricted, impact is limited to denial of service: each blocked or timed-out connection still ties up a request worker until it fails.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A single crafted GET request to /images with an attacker-controlled 'src' value is enough; no authentication or special tooling is needed, and a public proof-of-concept is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: https://github.com/evershopcommerce/evershop (project repository; no dedicated advisory listed)

Restart Required: No

Instructions:

Check evershop GitHub repository for security updates; no official patch currently available.

🔧 Temporary Workarounds

Input Validation Filter

all

Implement strict validation of the 'src' parameter: accept only relative paths that resolve inside the image directory, or URLs whose scheme is https and whose host is on an explicit allowlist. Reject any other scheme (http:, file:, gopher:, data:), protocol-relative values starting with // or \\, embedded credentials, and path traversal, and apply the check after percent-decoding so that encoded variants such as %68ttp:// cannot slip past a pattern match.

Modify the /images API endpoint code to validate the input before any file read or outbound fetch takes place.

Network Segmentation

all

Restrict outbound connections from the evershop host to the services it actually needs (database, payment and shipping APIs, the image CDN). In particular, block the RFC 1918 ranges it has no business reaching and the cloud metadata address 169.254.169.254, so that a forged request cannot reach internal admin interfaces or instance credentials.

Configure host or network firewall egress rules, or route the application through an egress proxy with a destination allowlist, so that blocked attempts are also logged and feed the detection below.

🧯 If You Can't Patch

  • Implement Web Application Firewall (WAF) rules that block values of the 'src' parameter containing a URL scheme or a protocol-relative prefix (//); treat this as defence in depth only, since percent-encoding and case variants can evade pattern matching
  • Disable the /images API endpoint, or restrict it at the reverse proxy to trusted source addresses, until a fixed release is available

🔍 How to Verify

Check if Vulnerable:

Send a request such as /images?src=http://<listener-you-control>/probe, where the listener is an out-of-band HTTP or DNS canary, and check whether the listener receives a connection from the evershop server. Because the vulnerability is blind, the HTTP response to your own request will not contain the fetched content; the evidence is the inbound hit on the listener (or a difference in response time or error between a reachable and an unreachable target).

Check Version:

Check evershop package.json or version file for version number

Verify Fix Applied:

Verify that the same test request is rejected (for example with a 4xx response) and that the listener receives no connection.

📡 Detection & Monitoring

Log Indicators:

  • Outbound HTTP requests from the evershop server to destinations other than its known dependencies (CDN, payment and shipping APIs)
  • Multiple failed connection attempts from the server to consecutive internal IPs or ports, which indicate an attacker using the endpoint as a port scanner
  • Any request from the server to the cloud metadata address 169.254.169.254

Network Indicators:

  • Server making unexpected HTTP requests to internal networks, especially shortly after inbound requests to /images with a 'src' value containing a scheme or host

SIEM Query:

source_ip=evershop_server AND (dest_ip IN internal_ranges OR dest_ip=169.254.169.254) AND protocol=HTTP

(Pseudo-syntax; map the field names to those of your egress proxy, flow or firewall logs.)
