PT-2026-3752 · Everest · Everest

Published: 2026-01-21 · Updated: 2026-02-06

CVE-2025-68133

CVSS v3.1: 7.4 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

EVerest versions 2025.9.0 and below

Description

EVerest is an EV charging software stack susceptible to a denial-of-service condition. An attacker can exhaust the operating system's memory, leading to the termination of the module and affecting all EVSE functionality. This occurs by initiating an unlimited number of TCP connections that do not proceed to ISO 15118-2 communication. The system starts a new thread for each incoming TCP or TLS socket connection before verification, and the verification process is overly permissive.

Recommendations

Update to version 2025.10.0 or later.
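
The weakness described above is a thread created per socket before the peer is verified, with no upper bound. The following is an added example of a bounded alternative, not EVerest code and not the upstream fix: the class AdmissionGate, the helper admitted_of, the cap and the 500 ms handshake deadline are all assumptions, and time is passed in explicitly so the constructed scenario runs without sockets.

```cpp
#include <chrono>
#include <cstddef>
#include <map>

// Hypothetical admission gate (names are assumptions, not EVerest code).
// A connection must obtain a slot before any thread is created for it, and
// a silent connection loses its slot once the handshake deadline passes.
class AdmissionGate {
public:
    using Clock = std::chrono::steady_clock;
    AdmissionGate(std::size_t max_pending, std::chrono::milliseconds deadline)
        : max_pending_(max_pending), deadline_(deadline) {}

    // Called from the accept loop; false means close the socket at once.
    bool admit(int fd, Clock::time_point now) {
        reap(now);
        if (pending_.size() >= max_pending_) return false;
        pending_[fd] = now + deadline_;
        return true;
    }
    // Called when the peer sends its first valid protocol message.
    void verified(int fd) { pending_.erase(fd); }

    // Drops connections that never started talking; returns how many.
    std::size_t reap(Clock::time_point now) {
        std::size_t dropped = 0;
        for (auto it = pending_.begin(); it != pending_.end();) {
            if (it->second <= now) { it = pending_.erase(it); ++dropped; }
            else ++it;
        }
        return dropped;
    }
    std::size_t pending() const { return pending_.size(); }
private:
    std::size_t max_pending_;
    std::chrono::milliseconds deadline_;
    std::map<int, Clock::time_point> pending_;  // fd -> handshake deadline
};

// Constructed scenario: `attempts` silent connections arrive at one instant.
std::size_t admitted_of(std::size_t attempts, std::size_t cap) {
    AdmissionGate gate(cap, std::chrono::milliseconds(500));
    const auto t0 = AdmissionGate::Clock::time_point{};
    std::size_t ok = 0;
    for (std::size_t i = 0; i < attempts; ++i)
        if (gate.admit(static_cast<int>(i), t0)) ++ok;
    return ok;
}
```

With a gate like this in front of thread creation, memory held by unverified peers is bounded by the cap regardless of how many connections are opened.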

Exploit

Fix

DoS

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

CVE-2025-68133
GHSA-MV3W-PP85-5H7C

Affected Products

Everest