PT-2026-3849 · Everest · Everest
Published 2026-01-21 · Updated 2026-01-21 · CVE-2025-68136
CVSS v3.1: 7.4 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
EVerest versions prior to 2025.10.0
Description
EVerest is an EV charging software stack. Prior to version 2025.10.0, the software does not properly close and destroy previous connections when receiving a Session Description Protocol (SDP) request. This results in the creation of new objects like Session and IConnection, opening new TCP sockets for ISO 15118-20 communications and registering callbacks for the created file descriptor. The failure to save the previous Session and the loss of the unique_ptr can lead to a null pointer dereference if the used socket is not the last one.
Recommendations
Update to version 2025.10.0 or later.
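The connection lifecycle problem from the description, modelled as an added example (not EVerest source code and not the project's patch). `Module`, `Session` and the fd counter are hypothetical stand-ins, and the hardened branch shows one assumed cleanup order: unregister and close the old connection before replacing it.

```cpp
// Added illustration: simplified model, not EVerest source code.
#include <cstdio>
#include <functional>
#include <map>
#include <memory>

struct Session { int fd; };  // hypothetical stand-in for Session + IConnection (fd = TCP socket)

class Module {               // hypothetical SDP-handling module
public:
    explicit Module(bool hardened) : hardened_(hardened) {}
    // Runs once per SDP request.
    void on_sdp_request() {
        if (hardened_ && session_) {
            callbacks_.erase(session_->fd);  // unregister the old fd callback
            --open_fds_;                     // models close() on the old socket
        }
        // Without the cleanup above, this assignment destroys the previous
        // Session while its fd stays open and its callback stays registered.
        session_ = std::make_unique<Session>(Session{next_fd_++});
        ++open_fds_;
        const int fd = session_->fd;
        callbacks_[fd] = [this, fd] { return live_session_for(fd) != nullptr; };
    }
    // What a callback would dereference: null unless fd is the newest socket.
    const Session* live_session_for(int fd) const {
        return (session_ && session_->fd == fd) ? session_.get() : nullptr;
    }
    // Registered callbacks whose Session no longer exists.
    int stale_callbacks() const {
        int n = 0;
        for (const auto& kv : callbacks_) if (!kv.second()) ++n;
        return n;
    }
    int open_fds() const { return open_fds_; }

private:
    bool hardened_;
    int next_fd_ = 3, open_fds_ = 0;
    std::unique_ptr<Session> session_;
    std::map<int, std::function<bool()>> callbacks_;
};

int main() {
    Module before(false), after(true);
    for (int i = 0; i < 3; ++i) { before.on_sdp_request(); after.on_sdp_request(); }
    std::printf("before: fds=%d stale=%d | after: fds=%d stale=%d\n", before.open_fds(),
                before.stale_callbacks(), after.open_fds(), after.stale_callbacks());
}
```

In the unhardened model the open descriptor count grows with every request, and any callback firing on an older descriptor finds no Session behind it, which is the condition the description ties to the null pointer dereference.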
Exploit
Fix
Allocation of Resources Without Limits
Weakness Enumeration
Related Identifiers
Affected Products
Everest