What is the CVSS score of CVE-2025-68134?

CVE-2025-68134 has a CVSS 3.1 base score of 7.4 (High). CVSS vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H. EPSS exploitation probability: 0.1%.

Which versions of Everest are affected by CVE-2025-68134?

Organizations using EVerest face moderate risk from CVE-2025-68134, a input validation vulnerability rated CVSS 7.4. Exploitation could compromise the security of affected deployments.

How to fix or mitigate CVE-2025-68134?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Monitor vendor channels for patch availability.

Everest CVE-2025-68134

HIGH

Improper Input Validation (CWE-20)

2026-01-21 security-advisories@github.com

Denial Of Service Everest

7.4

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

7.4 HIGH

AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Jan 21, 2026 - 19:16 nvd

HIGH 7.4

DescriptionGitHub Advisory

EVerest is an EV charging software stack. Prior to version 2025.10.0, the use of the assert function to handle errors frequently causes the module to crash. This is particularly critical because the manager shuts down all other modules and exits when any one of them terminates, leading to a denial of service. In a context where a manager handles multiple EVSE, this would also impact other users. Version 2025.10.0 fixes the issue.

AnalysisAI

EVerest is an EV charging software stack. Prior to version 2025.10.0, the use of the assert function to handle errors frequently causes the module to crash. [CVSS 7.4 HIGH]

Technical ContextAI

Classified as CWE-20 (Improper Input Validation). Affects Everest. EVerest is an EV charging software stack. Prior to version 2025.10.0, the use of the assert function to handle errors frequently causes the module to crash. This is particularly critical because the manager shuts down all other modules and exits when any one of them terminates, leading to a denial of service. In a context where a manager handles multiple EVSE, this would also impact other users. Version 2025.10.0 fixes the issue.

RemediationAI

Monitor vendor advisories for a patch.

CVE-2025-68134 vulnerability details – vuln.today

Back

Everest CVE-2025-68134

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code