CVE-2025-68141 (GCVE-0-2025-68141)
Vulnerability from cvelistv5 – Published: 2026-01-21 19:56 – Updated: 2026-01-22 16:50
VLAI
Title
EVerest vulnerable to null pointer dereference during DC_ChargeLoopRes document deserialization
Summary
EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a `DC_ChargeLoopRes` message that includes Receipt as well as TaxCosts, the vector `<DetailedTax>tax_costs` in the target `Receipt` structure is accessed out of bounds. This occurs in the method `template <> void convert(const struct iso20_dc_DetailedTaxType& in, datatypes::DetailedTax& out)` which leads to a null pointer dereference and causes the module to terminate. The EVerest processes and all its modules shut down, affecting all EVSE. Version 2025.10.0 fixes the issue.
Severity
7.4 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/EVerest/everest-core/security/… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| EVerest | everest-core |
Affected:
< 2025.10.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68141",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-22T15:09:40.467662Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T16:50:38.843Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "everest-core",
"vendor": "EVerest",
"versions": [
{
"status": "affected",
"version": "\u003c 2025.10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a `DC_ChargeLoopRes` message that includes Receipt as well as TaxCosts, the vector `\u003cDetailedTax\u003etax_costs` in the target `Receipt` structure is accessed out of bounds. This occurs in the method `template \u003c\u003e void convert(const struct iso20_dc_DetailedTaxType\u0026 in, datatypes::DetailedTax\u0026 out)` which leads to a null pointer dereference and causes the module to terminate. The EVerest processes and all its modules shut down, affecting all EVSE. Version 2025.10.0 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T19:56:14.482Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/EVerest/everest-core/security/advisories/GHSA-ph4w-r9q8-vm9h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/EVerest/everest-core/security/advisories/GHSA-ph4w-r9q8-vm9h"
}
],
"source": {
"advisory": "GHSA-ph4w-r9q8-vm9h",
"discovery": "UNKNOWN"
},
"title": "EVerest vulnerable to null pointer dereference during DC_ChargeLoopRes document deserialization"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-68141",
"datePublished": "2026-01-21T19:56:14.482Z",
"dateReserved": "2025-12-15T18:15:08.404Z",
"dateUpdated": "2026-01-22T16:50:38.843Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-68141",
"date": "2026-06-28",
"epss": "0.00248",
"percentile": "0.15972"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-68141\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-01-21T20:16:06.523\",\"lastModified\":\"2026-06-17T09:58:37.380\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a `DC_ChargeLoopRes` message that includes Receipt as well as TaxCosts, the vector `\u003cDetailedTax\u003etax_costs` in the target `Receipt` structure is accessed out of bounds. This occurs in the method `template \u003c\u003e void convert(const struct iso20_dc_DetailedTaxType\u0026 in, datatypes::DetailedTax\u0026 out)` which leads to a null pointer dereference and causes the module to terminate. The EVerest processes and all its modules shut down, affecting all EVSE. Version 2025.10.0 fixes the issue.\"},{\"lang\":\"es\",\"value\":\"EVerest es una pila de software de carga de veh\u00edculos el\u00e9ctricos. Antes de la versi\u00f3n 2025.10.0, durante la deserializaci\u00f3n de un mensaje `DC_ChargeLoopRes` que incluye Receipt y TaxCosts, se accede fuera de los l\u00edmites al vector `tax_costs` en la estructura `Receipt` de destino. Esto ocurre en el m\u00e9todo `template \u0026lt;\u0026gt; void convert(const struct iso20_dc_DetailedTaxType\u0026amp; in, datatypes::DetailedTax\u0026amp; out)` lo que lleva a una desreferenciaci\u00f3n de puntero nulo y provoca la terminaci\u00f3n del m\u00f3dulo. Los procesos de EVerest y todos sus m\u00f3dulos se apagan, afectando a todos los EVSE. La versi\u00f3n 2025.10.0 corrige el problema.\"}],\"affected\":[{\"source\":\"security-advisories@github.com\",\"affectedData\":[{\"vendor\":\"EVerest\",\"product\":\"everest-core\",\"versions\":[{\"version\":\"\u003c 2025.10.0\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":4.0}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-01-22T15:09:40.467662Z\",\"id\":\"CVE-2025-68141\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linuxfoundation:everest:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2025.10.0\",\"matchCriteriaId\":\"94E1768A-FED9-477E-A4B7-99FD10058D23\"}]}]}],\"references\":[{\"url\":\"https://github.com/EVerest/everest-core/security/advisories/GHSA-ph4w-r9q8-vm9h\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-68141\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-22T15:09:40.467662Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-22T15:09:41.519Z\"}}], \"cna\": {\"title\": \"EVerest vulnerable to null pointer dereference during DC_ChargeLoopRes document deserialization\", \"source\": {\"advisory\": \"GHSA-ph4w-r9q8-vm9h\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 7.4, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"EVerest\", \"product\": \"everest-core\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 2025.10.0\"}]}], \"references\": [{\"url\": \"https://github.com/EVerest/everest-core/security/advisories/GHSA-ph4w-r9q8-vm9h\", \"name\": \"https://github.com/EVerest/everest-core/security/advisories/GHSA-ph4w-r9q8-vm9h\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a `DC_ChargeLoopRes` message that includes Receipt as well as TaxCosts, the vector `\u003cDetailedTax\u003etax_costs` in the target `Receipt` structure is accessed out of bounds. This occurs in the method `template \u003c\u003e void convert(const struct iso20_dc_DetailedTaxType\u0026 in, datatypes::DetailedTax\u0026 out)` which leads to a null pointer dereference and causes the module to terminate. The EVerest processes and all its modules shut down, affecting all EVSE. Version 2025.10.0 fixes the issue.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-476\", \"description\": \"CWE-476: NULL Pointer Dereference\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-01-21T19:56:14.482Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-68141\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-22T16:50:38.843Z\", \"dateReserved\": \"2025-12-15T18:15:08.404Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-01-21T19:56:14.482Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…