CVE-2025-65844

🔴 HIGH

Published

Dec 02, 2025

Last Modified

Dec 06, 2025

Views

Bookmarks

Description

Request Expert Review

EverShop 2.0.1 allows a remote unauthenticated attacker to upload arbitrary files and create directories via the /api/images endpoint. The endpoint is accessible without authentication by default, and server-side validation of uploaded files is insufficient. This can be abused to upload arbitrary content (including non-image files) which could impersonate user/admin login panels (exfiltrating credentials) and to perform a denial-of-service attack by exhausting disk space.

Affected Products (1)

evershop - evershop

Version: 2.0.1

CVSS Scores

CVSS 3.1 7.5

7.5

HIGH

CVSS 2.0 7.5

References

github.com

Additional Information

Source: cve@mitre.org
State: Modified

Related CVEs

CVE-2026-0837

HIGH

A vulnerability was identified in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formFireWall. Such manipulation of...

Score: 8.8

CVE-2026-0836

HIGH

A vulnerability was determined in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formConfigFastDirectionW...

Score: 8.8

CVE-2025-15505

LOW

A vulnerability was found in Luxul XWR-600 up to 4.0.1. The affected element is an unknown function of the component Web Administration Interface. The...

Score: 2.4

CVE-2026-0824

LOW

A security flaw has been discovered in questdb ui up to 1.11.9. Impacted is an unknown function of the component Web Console. The manipulation results...

Score: 3.5

CVE-2026-0822

MEDIUM

A vulnerability was identified in quickjs-ng quickjs up to 0.11.0. This issue affects the function js_typed_array_sort of the file quickjs.c. The mani...

Score: 6.3

CVE-2025-13393

MEDIUM

The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.3.1. This...

Score: 4.3

Share CVE-2025-65844

Share on Social Media

Copy Link

Embed Code

HTML Embed (for websites/blogs)

Markdown (for GitHub/Discord)

Request Expert Analysis

Request a professional security analysis for CVE-2025-65844 from our verified experts.

Credits System

Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!

Priority Level

SLA Acceleration (50% faster delivery)

Add 3 credits for accelerated delivery

Additional Context (Optional)

Base Cost: 8 credits

Priority Upgrade: + credits

SLA Acceleration: +3 credits

Total Cost:

Your Balance:

Insufficient Credits

You need more credits to submit this request.

Buy Credits

CVE-2025-65844

Description

Affected Products (1)

evershop - evershop

CVSS Scores

References

Additional Information

Related CVEs

CVE-2026-0837

CVE-2026-0836

CVE-2025-15505

CVE-2026-0824

CVE-2026-0822

CVE-2025-13393

Share CVE-2025-65844

Share on Social Media

Copy Link

Embed Code

Request Expert Analysis

Credits System

Insufficient Credits

Report Analysis