CVE-2025-12919

EverShop Order Order.resolvers.js resource injection

Description

A vulnerability was detected in EverShop up to 2.0.1. Affected is an unknown function of the file /src/modules/oms/graphql/types/Order/Order.resolvers.js of the component Order Handler. The manipulation of the argument uuid results in improper control of resource identifiers. The attack may be performed from remote. This attack is characterized by high complexity. The exploitability is told to be difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

INFO

Published Date :

2025-11-09T20:02:06.116Z

Last Modified :

2026-02-24T06:25:20.029Z

Source :

VulDB

AFFECTED PRODUCTS

The following products are affected by CVE-2025-12919 vulnerability.

Vendors	Products
Evershop	Evershop

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-12919.

URL	Resource
https://github.com/ictrun/Evershop-Order-leak/blob/main/README.md
https://github.com/ictrun/Evershop-Order-leak/blob/main/README.md#attack-steps
https://vuldb.com/?ctiid.331639
https://vuldb.com/?id.331639
https://vuldb.com/?submit.680788

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Detailed values of each vector for above chart.

Access Vector

Access Complexity

Authentication

Confidentiality Impact

Integrity Impact

Availability Impact