PT-2026-3857 · Everest · Everest

Published: 2026-01-21 · Updated: 2026-01-21 · CVE-2025-68141

CVSS v3.1: 7.4 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

EVerest versions prior to 2025.10.0

Description

EVerest is an EV charging software stack. Prior to version 2025.10.0, an out-of-bounds access issue exists during the deserialization of a DC ChargeLoopRes message containing Receipt and TaxCosts. Specifically, the `vector<DetailedTax>` of tax costs within the Receipt structure is accessed improperly in the convert function, leading to a null pointer dereference and termination of the EVerest processes and associated modules, impacting all EVSE.

Recommendations

Update to version 2025.10.0 or later.

Weakness Enumeration

NULL Pointer Dereference

Related Identifiers

CVE-2025-68141
GHSA-PH4W-R9Q8-VM9H

Affected Products

Everest