PT-2026-3844 · Unknown+1 · Dzg Gsh01 Powermeter+1

Published 2026-01-21 · Updated 2026-01-21 · CVE-2025-68132

CVSS v3.1: 4.6 (Medium)

Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

EVerest versions prior to 2025.12.0

Description

EVerest, an EV charging software stack, contains a flaw in the is_message_crc_correct function of the DZG GSH01 powermeter SLIP parser. The function reads vec[vec.size()-1] and vec[vec.size()-2] without first verifying that the vector vec contains at least two bytes. When malformed SLIP frames are received over the serial link and the multi-message path is used, vec.size() can be less than 2. This leads to an out-of-bounds read before CRC verification and a pop_back underflow. An attacker who can control the serial input can cause the process to crash.

Recommendations

Update to version 2025.12.0 or later.
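
The length guard that the description says is missing, shown as an added example (this is not EVerest's code or its actual patch). The names check_and_strip_crc and check_stream, the CRC-16/CCITT-FALSE checksum and the low-byte-first trailer order are assumptions made for illustration; the splitter handles only the SLIP END byte (0xC0) and omits ESC unescaping.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Illustrative checksum only: CRC-16/CCITT-FALSE (poly 0x1021, init 0xFFFF).
// The CRC variant used by the real powermeter protocol is not stated on this page.
uint16_t crc16_ccitt_false(const uint8_t* data, size_t len) {
    uint16_t crc = 0xFFFF;
    for (size_t i = 0; i < len; ++i) {
        crc ^= static_cast<uint16_t>(data[i]) << 8;
        for (int bit = 0; bit < 8; ++bit)
            crc = (crc & 0x8000) ? static_cast<uint16_t>((crc << 1) ^ 0x1021)
                                 : static_cast<uint16_t>(crc << 1);
    }
    return crc;
}

enum class FrameCheck { Ok, TooShort, BadCrc };

// Hypothetical hardened check. Assumed layout: payload, CRC low byte, CRC high byte.
FrameCheck check_and_strip_crc(std::vector<uint8_t>& vec) {
    // size() is unsigned: with fewer than 2 bytes, size() - 2 wraps around, so
    // vec[vec.size() - 2] reads out of bounds and pop_back() on an empty vector
    // is undefined behaviour. Reject such frames before touching the trailer.
    if (vec.size() < 2) return FrameCheck::TooShort;
    const size_t payload_len = vec.size() - 2;
    const uint16_t received = static_cast<uint16_t>(
        vec[payload_len] | (static_cast<uint16_t>(vec[payload_len + 1]) << 8));
    if (crc16_ccitt_false(vec.data(), payload_len) != received) return FrameCheck::BadCrc;
    vec.resize(payload_len);  // drop the trailer in one bounded step
    return FrameCheck::Ok;
}

// Constructed multi-message splitter: several frames in one serial buffer,
// delimited by SLIP END (0xC0). A stray byte between two END markers becomes
// a 1-byte frame, which is the short input the guard above must reject.
std::vector<FrameCheck> check_stream(const std::vector<uint8_t>& raw) {
    std::vector<FrameCheck> results;
    std::vector<uint8_t> frame;
    for (uint8_t b : raw) {
        if (b != 0xC0) { frame.push_back(b); continue; }
        if (!frame.empty()) results.push_back(check_and_strip_crc(frame));
        frame.clear();
    }
    return results;  // bytes after the last END are an incomplete frame, ignored
}
```
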

Exploit

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2025-68132
GHSA-79GC-M8W6-9HX5

Affected Products

Dzg Gsh01 Powermeter
Everest