CVE-2025-68136— EVerest's inadequate session handling can lead to memory-related errors or exhaustion of the operating system’s file descriptors, resulting in a denial of service
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-68136
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
EVerest's inadequate session handling can lead to memory-related errors or exhaustion of the operating system’s file descriptors, resulting in a denial of service
Source: NVD (National Vulnerability Database)
Vulnerability Description
EVerest is an EV charging software stack. Prior to version 2025.10.0, once the module receives a SDP request, it creates a whole new set of objects like `Session`, `IConnection` which open new TCP socket for the ISO15118-20 communications and registers callbacks for the created file descriptor, without closing and destroying the previous ones. Previous `Session` is not saved and the usage of an `unique_ptr` is lost, destroying connection data. Latter, if the used socket and therefore file descriptor is not the last one, it will lead to a null pointer dereference. Version 2025.10.0 fixes the issue.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
不加限制或调节的资源分配
Source: NVD (National Vulnerability Database)
Vulnerability Title
everest-core 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
everest-core是EVerest开源的一个电动汽车充电软件堆栈的主要部分。 everest-core 2025.10.0之前版本存在安全漏洞,该漏洞源于模块在收到SDP请求后创建新对象时未关闭和销毁先前对象,可能导致空指针取消引用。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| EVerest | everest-core | < 2025.10.0 | - |
II. Public POCs for CVE-2025-68136
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-68136
请登录查看更多情报信息。
Same Patch Batch · EVerest · 2026-01-21 · 11 CVEs total
| CVE-2025-68137 | 8.4 HIGH | EVerest's Integer Overflow and Signed to Unsigned conversion lead to either stack buffer o |
| CVE-2025-68133 | 7.4 HIGH | EVerest's unlimited connections can lead to DoS through operating system resource exhausti |
| CVE-2025-68134 | 7.4 HIGH | EVerest's use of assert functions can potentially lead to denial of service |
| CVE-2025-68141 | 7.4 HIGH | EVerest vulnerable to null pointer dereference during DC_ChargeLoopRes document deserializ |
| CVE-2025-68135 | 6.5 MEDIUM | EVerest's inadequate exception handling leads to denial of service |
| CVE-2025-68138 | 4.7 MEDIUM | EVerest affected by memory exhaustion in libocpp |
| CVE-2025-68139 | 4.3 MEDIUM | In EVerest, by default, the EV is responsible for closing the connection if the module enc |
| CVE-2025-68140 | 4.3 MEDIUM | EVerest allows null session ID to bypass session ID verification |
| CVE-2026-23955 | 4.2 MEDIUM | EVerest vulnerable to concatenation of strings literal and integers |
| CVE-2025-68132 | EVerest has out-of-bounds read in DZG_GSH01 SLIP CRC parser that can crash powermeter driv |
IV. Related Vulnerabilities
Same product: everest-core
- CVE-2026-33015
EVerest has RemoteStop Bypass via BCB Toggle Session Restart - CVE-2026-33014
EVerest has Delayed Authorization Response Bypasses Terminat - CVE-2026-33009
EVerest: MQTT Switch-Phases Command Data Race Causing Charge - CVE-2026-29044
EVerest: Charging Continues When WithdrawAuthorization Is Pr - CVE-2026-27828
EVerest: ISO15118 session_setup use-after-free can crash EVS
Same vendor: EVerest
- CVE-2026-33015
EVerest has RemoteStop Bypass via BCB Toggle Session Restart - CVE-2026-33014
EVerest has Delayed Authorization Response Bypasses Terminat - CVE-2026-33009
EVerest: MQTT Switch-Phases Command Data Race Causing Charge - CVE-2026-29044
EVerest: Charging Continues When WithdrawAuthorization Is Pr - CVE-2026-27828
EVerest: ISO15118 session_setup use-after-free can crash EVS
Same weakness: CWE-770
- CVE-2026-42294
Argo Workflows: Unauthenticated Memory Exhaustion (DoS) in W - CVE-2026-42189
Russh: Pre-auth DoS via unbounded allocation in keyboard-int - CVE-2026-42793
Atom table exhaustion via attacker-controlled GraphQL SDL na - CVE-2026-44499
ZEBRA: Permanent Block Discovery Halt via Gossip Queue Satur - CVE-2026-44500
ZEBRA: Allocation Amplification in Inbound Network Deseriali
V. Comments for CVE-2025-68136
No comments yet