CVE-2025-68136

EVerest is an EV charging software stack. Prior to version 2025.10.0, once the module receives a SDP request, it creates a whole new set of objects like `Session`, `IConnection` which open new TCP socket for the ISO15118-20 communications and registers callbacks for the created file descriptor, without closing and destroying the previous ones. Previous `Session` is not saved and the usage of an `unique_ptr` is lost, destroying connection data. Latter, if the used socket and therefore file descriptor is not the last one, it will lead to a null pointer dereference. Version 2025.10.0 fixes the issue.

CVSS v3 7.4 HIGH

7.4^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 4.0

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://github.com/EVerest/everest-core/security/advisories/GHSA-4h8h-x5cp-g22r	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:linuxfoundation:everest:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-01-21 20:16

Updated : 2026-02-06 21:21

NVD link : CVE-2025-68136

Mitre link : CVE-2025-68136

CVE.ORG link : CVE-2025-68136

JSON object : View

Products Affected

linuxfoundation

everest

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

{"id": "CVE-2025-68136", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 2.8}]}, "published": "2026-01-21T20:16:05.677", "references": [{"url": "https://github.com/EVerest/everest-core/security/advisories/GHSA-4h8h-x5cp-g22r", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "EVerest is an EV charging software stack. Prior to version 2025.10.0, once the module receives a SDP request, it creates a whole new set of objects like `Session`, `IConnection` which open new TCP socket for the ISO15118-20 communications and registers callbacks for the created file descriptor, without closing and destroying the previous ones. Previous `Session` is not saved and the usage of an `unique_ptr` is lost, destroying connection data. Latter, if the used socket and therefore file descriptor is not the last one, it will lead to a null pointer dereference. Version 2025.10.0 fixes the issue."}, {"lang": "es", "value": "EVerest es una pila de software de carga de VE. Antes de la versi\u00f3n 2025.10.0, una vez que el m\u00f3dulo recibe una solicitud SDP, crea un conjunto completamente nuevo de objetos como 'Session', 'IConnection' que abren un nuevo socket TCP para las comunicaciones ISO15118-20 y registra retrollamadas para el descriptor de archivo creado, sin cerrar y destruir los anteriores. La 'Session' anterior no se guarda y el uso de un 'unique_ptr' se pierde, destruyendo los datos de conexi\u00f3n. Posteriormente, si el socket utilizado y, por lo tanto, el descriptor de archivo no es el \u00faltimo, esto conducir\u00e1 a una desreferenciaci\u00f3n de puntero nulo. La versi\u00f3n 2025.10.0 corrige el problema."}], "lastModified": "2026-02-06T21:21:48.500", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linuxfoundation:everest:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94E1768A-FED9-477E-A4B7-99FD10058D23", "versionEndExcluding": "2025.10.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}