PT-2026-3850 · Everest · Everest

Published: 2026-01-21 · Updated: 2026-01-23 · CVE-2025-68137

CVSS v3.1: 8.3 (High)
Vector: AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: EVerest versions prior to 2025.10.0

Description: EVerest is an EV charging software stack. An integer overflow in the SdpPacket::parse_header() function can occur when processing incoming data. Specifically, the current buffer length can be set to 7 after an 8-byte header has already been read. The remaining length to read is then calculated as a negative value, which the size_t data type interprets as a very large positive value. Depending on whether the connection is plain TCP or TLS, this leads to an infinite loop or a stack buffer overflow.

Recommendations: Versions prior to 2025.10.0 should be updated to version 2025.10.0 or later.
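The length bookkeeping the description refers to, as a simplified C++ model added here for illustration (it is not EVerest's SdpPacket code, and kHeaderLen, remaining_naive and remaining_checked are assumed names): the unsigned subtraction that wraps when more bytes have been consumed than the packet claims to contain, beside a checked version that rejects that state and also bounds the result by the receive buffer.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Hypothetical model of the length arithmetic in the advisory, not the real
// parser: a fixed 8-byte header is consumed first, then the number of payload
// bytes still to read is derived as "total - consumed".
constexpr std::size_t kHeaderLen = 8;

// Naive computation: size_t subtraction silently wraps, so a total of 7 after
// consuming an 8-byte header yields SIZE_MAX instead of the intended -1.
std::size_t remaining_naive(std::size_t total, std::size_t consumed) {
    return total - consumed;
}

// Checked computation. Returns false (and leaves *out untouched) when the
// lengths are inconsistent or the payload would not fit in the buffer, so a
// read loop driven by *out can neither spin forever nor overrun the buffer.
bool remaining_checked(std::size_t total, std::size_t consumed,
                       std::size_t capacity, std::size_t* out) {
    if (total < kHeaderLen) return false;     // shorter than its own header
    if (consumed > total) return false;       // would wrap in the subtraction
    if (consumed > capacity) return false;    // buffer bookkeeping already broken
    std::size_t remaining = total - consumed;
    if (remaining > capacity - consumed) return false;  // would overrun buffer
    *out = remaining;
    return true;
}

int main() {
    constexpr std::size_t kCapacity = 64;  // constructed receive-buffer size
    std::size_t rem = 0;

    // Malformed state from the advisory: total length 7, 8 header bytes consumed.
    std::printf("naive remaining: %zu\n", remaining_naive(7, kHeaderLen));
    std::printf("checked accepts malformed packet: %s\n",
                remaining_checked(7, kHeaderLen, kCapacity, &rem) ? "yes" : "no");

    // Well-formed state: 12 bytes total, 8 consumed, 4 payload bytes remain.
    if (remaining_checked(12, kHeaderLen, kCapacity, &rem))
        std::printf("checked remaining: %zu\n", rem);
    return 0;
}
```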

Weakness Enumeration

Infinite Loop
Buffer Overflow

Related Identifiers

CVE-2025-68137
GHSA-7QQ4-Q9R8-WC7W

Affected Products

Everest