Everest
CVE-2025-68137
HIGH
Severity by source
AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionGitHub Advisory
EVerest is an EV charging software stack. Prior to version 2025.10.0, an integer overflow occurring in SdpPacket::parse_header() allows the current buffer length to be set to 7 after a complete header of size 8 has been read. The remaining length to read is computed using the current length subtracted by the header length which results in a negative value. This value is then interpreted as SIZE_MAX (or slightly less) because the expected type of the argument is size_t. Depending on whether the server is plain TCP or TLS, this leads to either an infinite loop or a stack buffer overflow. Version 2025.10.0 fixes the issue.
AnalysisAI
EVerest is an EV charging software stack. Prior to version 2025.10.0, an integer overflow occurring in SdpPacket::parse_header() allows the current buffer length to be set to 7 after a complete header of size 8 has been read. [CVSS 8.3 HIGH]
Technical ContextAI
Classified as CWE-120 (Classic Buffer Overflow). Affects Everest. EVerest is an EV charging software stack. Prior to version 2025.10.0, an integer overflow occurring in SdpPacket::parse_header() allows the current buffer length to be set to 7 after a complete header of size 8 has been read. The remaining length to read is computed using the current length subtracted by the header length which results in a negative value. This value is then interpreted as SIZE_MAX (or slightly less) because the expected type of the argument is size_t. Depending on whether
RemediationAI
Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible.
EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a `DC_ChargeLoopRes`
EVerest is an EV charging software stack. Prior to version 2025.10.0, once the module receives a SDP request, it creates
EVerest is an EV charging software stack. In versions 2025.9.0 and below, an attacker can exhaust the operating system's
EVerest is an EV charging software stack. Prior to version 2025.10.0, C++ exceptions are not properly handled for and by
EVerest is an EV charging software stack. Prior to version 2025.12.0, `is_message_crc_correct` in the DZG_GSH01 powermet
Everest EV charging software prior to version 2025.9.0 contains an improper pointer arithmetic flaw in error handling wh
EVerest is an EV charging software stack. Prior to version 2025.10.0, the use of the `assert` function to handle errors
EVerest is an EV charging software stack. [CVSS 4.3 MEDIUM]
EVerest is an EV charging software stack. Prior to version 2025.9.0, once the validity of the received V2G message has b
EVerest is an EV charging software stack. In all versions up to and including 2025.12.1, the default value for `terminat
EVerest EV charging software prior to version 2026.02.0 contains a race condition in concurrent map access that can corr
EVerest EV charging software versions before 2026.02.0 contain a race condition in std::string handling triggered by con
Same weakness CWE-120 – Classic Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today