What is the CVSS score of CVE-2025-68141?

CVE-2025-68141 has a CVSS 3.1 base score of 7.4 (High). CVSS vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H. EPSS exploitation probability: 0.1%.

Which versions of Everest are affected by CVE-2025-68141?

Organizations using EVerest face moderate risk from CVE-2025-68141, a null pointer dereference vulnerability rated CVSS 7.4. Exploitation could compromise the security of affected deployments.

Is there a public PoC exploit available for CVE-2025-68141?

Yes, a public proof-of-concept exploit is available for CVE-2025-68141. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2025-68141?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Monitor vendor channels for patch availability.

Everest CVE-2025-68141

HIGH

NULL Pointer Dereference (CWE-476)

2026-01-21 security-advisories@github.com

Null Pointer Dereference Deserialization Everest

7.4

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

7.4 HIGH

AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 06, 2026 - 21:22 vuln.today

Public exploit code

CVE Published

Jan 21, 2026 - 20:16 nvd

HIGH 7.4

DescriptionGitHub Advisory

EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a DC_ChargeLoopRes message that includes Receipt as well as TaxCosts, the vector <DetailedTax>tax_costs in the target Receipt structure is accessed out of bounds. This occurs in the method template <> void convert(const struct iso20_dc_DetailedTaxType& in, datatypes::DetailedTax& out) which leads to a null pointer dereference and causes the module to terminate. The EVerest processes and all its modules shut down, affecting all EVSE. Version 2025.10.0 fixes the issue.

AnalysisAI

Technical ContextAI

Classified as CWE-476 (NULL Pointer Dereference). Affects Everest. EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a DC_ChargeLoopRes message that includes Receipt as well as TaxCosts, the vector <DetailedTax>tax_costs in the target Receipt structure is accessed out of bounds. This occurs in the method template <> void convert(const struct iso20_dc_DetailedTaxType& in, datatypes::DetailedTax& out) which leads to a null pointer dereference and causes the module to terminate. The EVerest processes and al

RemediationAI

Monitor vendor advisories for a patch.

CVE-2025-68141 vulnerability details – vuln.today

Back

Everest CVE-2025-68141

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code