Openv2G · Openv2G · CVE-2025-24956
Name of the Vulnerable Software and Affected Versions:
OpenV2G versions prior to 0.9.6
Description:
A vulnerability has been identified in the OpenV2G EXI parsing feature, which is missing a length check when parsing X509 serial numbers. This allows an attacker to introduce a buffer overflow, leading to memory corruption.
Recommendations:
For versions prior to 0.9.6, update to version 0.9.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of the EXI parsing feature until a patch is available.