CVE-2025-12919
LOWDescription
A vulnerability was detected in EverShop up to 2.0.1. Affected is an unknown function of the file /src/modules/oms/graphql/types/Order/Order.resolvers.js of the component Order Handler. The manipulation of the argument uuid results in improper control of resource identifiers. The attack may be performed from remote. This attack is characterized by high complexity. The exploitability is told to be difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| evershop | evershop |
References
Exploits
Frequently Asked Questions
What is CVE-2025-12919? +
How severe is CVE-2025-12919? +
What products are affected by CVE-2025-12919? +
How do I check if I'm vulnerable to CVE-2025-12919? +
Related Vulnerabilities
A vulnerability in the Poly Lens Desktop application running on the Windows platform might allow modifications to the filesystem, which …
Overview The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before …
Port manipulation vulnerabilities in ASPECT provide attackers with the ability to con-trol TCP/IP port access if session administrator credentials become …
DataSourceResource.java in the SpagoBI API support in Knowage Server in KNOWAGE before 8.1.30 does not ensure that java:comp/env/jdbc/ occurs at …
The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it …
A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on …