Cybersecurity Vulnerabilities

Unauthenticated File Upload in EverShop 2.0.1: A Critical Vulnerability (CVE-2025-65844)

December 2, 2025 - By 

Overview

CVE-2025-65844 details a critical vulnerability affecting EverShop version 2.0.1. This vulnerability allows an unauthenticated attacker to upload arbitrary files and create directories within the /api/images endpoint. This poses a significant security risk as malicious files could be uploaded and executed, potentially leading to remote code execution, data breaches, and system compromise.

Technical Details

The vulnerability stems from insufficient access control and input validation on the /api/images endpoint. An attacker can directly send a crafted HTTP request to this endpoint to upload any file type, bypassing any intended authentication mechanisms. Furthermore, the attacker can create arbitrary directories within the images folder, further facilitating malicious activity.

CVSS Analysis

Currently, the CVSS score for CVE-2025-65844 is listed as N/A. However, due to the potential for unauthenticated remote code execution and data compromise, this vulnerability should be considered high severity. Awaiting an official CVSS score update from a CVE numbering authority is recommended. It’s crucial to immediately address the risk irrespective of the present N/A CVSS score.

Possible Impact

The exploitation of this vulnerability can lead to severe consequences, including:

  • Remote Code Execution (RCE): Uploading and executing malicious scripts or binaries.
  • Web Shell Deployment: Establishing persistent access to the server through a web shell.
  • Data Breach: Accessing sensitive data stored on the server.
  • Defacement: Altering the website’s content for malicious purposes.
  • Denial of Service (DoS): Overwhelming the server with malicious files or processes.

Mitigation or Patch Steps

To mitigate this vulnerability, the following steps should be taken:

  1. Upgrade EverShop: Upgrade to a patched version of EverShop if one is available. Check the official EverShop website or GitHub repository for updates.
  2. Implement Authentication: Add proper authentication and authorization checks to the /api/images endpoint to prevent unauthenticated access.
  3. Input Validation: Implement strict input validation on the file name and file content to prevent the upload of malicious files. Only allow permitted file types.
  4. File Size Limits: Enforce strict file size limits to prevent the upload of extremely large files that could lead to a denial of service.
  5. Directory Traversal Prevention: Implement measures to prevent directory traversal attacks, ensuring that attackers cannot create or modify files outside the intended directory.

References

EverShop Issue #819 on GitHub

Cybersecurity specialist and founder of Gowri Shankar Infosec - a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.

Related Posts

CVE-2025-61932 Critical Remote Code Execution Vulnerability in LANSCOPE Endpoint Manager

CVE-2025-61932: Critical Remote Code Execution Vulnerability in LANSCOPE Endpoint Manager

October 23, 2025

Leave a Reply

Your email address will not be published. Required fields are marked *