CVE-2025-65844: n/a
EverShop 2.0.1 allows a remote unauthenticated attacker to upload arbitrary files and create directories via the /api/images endpoint. The endpoint is accessible without authentication by default, and server-side validation of uploaded files is insufficient. This can be abused to upload arbitrary content (including non-image files) which could impersonate user/admin login panels (exfiltrating credentials) and to perform a denial-of-service attack by exhausting disk space.
AI Analysis
Technical Summary
CVE-2025-65844 is a high-severity vulnerability in EverShop 2.0.1 located in the /api/images endpoint. The endpoint is reachable without authentication by default, so a remote attacker can upload arbitrary files and create directories on the server. The root cause is insufficient server-side validation of uploaded content: non-image files, including HTML pages, are accepted, so an attacker can host a page that imitates the store's user or administrator login form and collects credentials from anyone who visits it on the store's own origin. The same endpoint can be used to upload large or numerous files until the disk is full, a denial-of-service condition that affects the whole server, not only the store. The weakness is CWE-434 (Unrestricted Upload of File with Dangerous Type). The analysis scores it CVSS 3.1 7.5 (High): network-reachable (AV:N), low attack complexity (AC:L), no privileges required (PR:N) and no user interaction (UI:N), with the rated impact on integrity; the credential theft and the disk exhaustion are follow-on effects that depend on a victim visiting the hosted page or on sustained uploads, which is why confidentiality and availability are not scored directly. Note that the Technical Details section of this record lists no CVSS version, so the score should be read as the analysis's own assessment rather than a figure supplied with the CVE record. No patch and no known exploitation have been reported at the time of writing, but the combination of no authentication and trivial exploitation makes the risk significant.
Potential Impact
For European organizations using EverShop 2.0.1, this vulnerability poses a significant risk. Attackers can compromise the integrity of web applications by uploading malicious files that impersonate login pages, potentially leading to credential theft and unauthorized access. This can result in data breaches, loss of customer trust, and regulatory penalties under GDPR if personal data is compromised. The ability to perform denial-of-service attacks by exhausting disk space can disrupt business operations, causing downtime and financial losses. E-commerce platforms are particularly sensitive to such disruptions and reputational damage. Since the vulnerability requires no authentication and no user interaction, it can be exploited at scale by automated attacks, increasing the threat level. Organizations with public-facing EverShop instances are at higher risk, especially if they have not implemented additional access controls or file validation measures.
Mitigation Recommendations
To mitigate CVE-2025-65844, first remove unauthenticated access to /api/images: require an authenticated, authorized (administrator) session for every request to it, enforced either in the application or at a reverse proxy in front of it. Then validate uploads server-side: accept only an allowlist of image extensions, check that the file's leading bytes identify a real image of the same type, and require that the declared MIME type agrees; reject everything else. Do not let the client choose an arbitrary directory name; constrain it to a single plain path segment and confirm that the resolved destination stays inside the upload root. Enforce a per-file size limit and a total storage quota for the upload tree, and alert on abnormal growth of disk usage, which is the signature of the exhaustion attack. Serve uploaded files as static content with a correct Content-Type and X-Content-Type-Options: nosniff (or from a separate origin) so that a file that does reach disk cannot be rendered as an HTML page under the store's origin, and keep the upload directory free of execute permissions. Audit the upload directories regularly for files whose content does not match their extension. Apply a patched EverShop release or vendor-provided workaround as soon as one is published; until then a WAF rule that blocks non-image uploads to this path is a useful stopgap. Make sure administrators know about the issue and that the incident response plan covers checking the upload tree for hostile content and rotating credentials if a phishing page is found.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-11-18T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 692f2aab3286267b25ed5c39
Added to database: 12/2/2025, 6:06:35 PM
Last enriched: 12/9/2025, 6:59:47 PM
Last updated: 1/16/2026, 10:10:27 PM
Views: 71
Related Threats
- CVE-2026-21223: CWE-269: Improper Privilege Management in Microsoft Microsoft Edge (Chromium-based) (Medium)
- CVE-2026-20960: CWE-285: Improper Authorization in Microsoft Microsoft Power Apps (High)
- CVE-2025-56451: n/a (Medium)
- CVE-2026-23800: CWE-266 Incorrect Privilege Assignment in Modular DS (Critical)
- CVE-2026-23744: CWE-306: Missing Authentication for Critical Function in MCPJam inspector (Critical)