PT-2026-3852 · Everest · Everest
Published 2026-01-21 · Updated 2026-01-21 · CVE-2025-68139
CVSS v3.1: 4.3 (Medium)
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
EVerest versions up to and including 2025.12.1
Description
EVerest is an EV charging software stack. In all versions up to and including 2025.12.1, the terminate connection on failed response setting defaults to False. With this default, responsibility for terminating the session and the connection rests with the EV: errors encountered by the module are logged but do not trigger an automatic reset or termination of the session and connection. A malicious user could potentially exploit this to take advantage of other weaknesses. The terminate connection on failed response variable controls this behavior.
Recommendations
Change the terminate connection on failed response setting to true.
Exploit
Fix
Session Fixation
Weakness Enumeration
Related Identifiers
Affected Products
Everest