Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-68132— EVerest has out-of-bounds read in DZG_GSH01 SLIP CRC parser that can crash powermeter driver

EPSS 0.03% · P10
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-68132

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
EVerest has out-of-bounds read in DZG_GSH01 SLIP CRC parser that can crash powermeter driver
Source: NVD (National Vulnerability Database)
Vulnerability Description
EVerest is an EV charging software stack. Prior to version 2025.12.0, `is_message_crc_correct` in the DZG_GSH01 powermeter SLIP parser reads `vec[vec.size()-1]` and `vec[vec.size()-2]` without checking that at least two bytes are present. Malformed SLIP frames on the serial link can reach `is_message_crc_correct` with `vec.size() < 2` (only via the multi-message path), causing an out-of-bounds read before CRC verification and `pop_back` underflow. Therefore, an attacker controlling the serial input can reliably crash the process. Version 2025.12.0 fixes the issue.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨界内存读
Source: NVD (National Vulnerability Database)
Vulnerability Title
everest-core 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
everest-core是EVerest开源的一个电动汽车充电软件堆栈的主要部分。 everest-core 2025.12.0之前版本存在缓冲区错误漏洞,该漏洞源于DZG_GSH01功率计SLIP解析器中的is_message_crc_correct函数未检查至少存在两个字节,可能导致越界读取和pop_back下溢,引发进程崩溃。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
EVeresteverest-core < 2025.12.0 -

II. Public POCs for CVE-2025-68132

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-68132

登录查看更多情报信息。

Same Patch Batch · EVerest · 2026-01-21 · 11 CVEs total

CVE-2025-681378.4 HIGHEVerest's Integer Overflow and Signed to Unsigned conversion lead to either stack buffer o
CVE-2025-681337.4 HIGHEVerest's unlimited connections can lead to DoS through operating system resource exhausti
CVE-2025-681347.4 HIGHEVerest's use of assert functions can potentially lead to denial of service
CVE-2025-681367.4 HIGHEVerest's inadequate session handling can lead to memory-related errors or exhaustion of t
CVE-2025-681417.4 HIGHEVerest vulnerable to null pointer dereference during DC_ChargeLoopRes document deserializ
CVE-2025-681356.5 MEDIUMEVerest's inadequate exception handling leads to denial of service
CVE-2025-681384.7 MEDIUMEVerest affected by memory exhaustion in libocpp
CVE-2025-681394.3 MEDIUMIn EVerest, by default, the EV is responsible for closing the connection if the module enc
CVE-2025-681404.3 MEDIUMEVerest allows null session ID to bypass session ID verification
CVE-2026-239554.2 MEDIUMEVerest vulnerable to concatenation of strings literal and integers

IV. Related Vulnerabilities

Same product: everest-core
Same vendor: EVerest
Same weakness: CWE-125

V. Comments for CVE-2025-68132

No comments yet

Leave a comment