CVE-2025-68140— EVerest allows null session ID to bypass session ID verification
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-68140
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
EVerest allows null session ID to bypass session ID verification
Source: NVD (National Vulnerability Database)
Vulnerability Description
EVerest is an EV charging software stack. Prior to version 2025.9.0, once the validity of the received V2G message has been verified, it is checked whether the submitted session ID matches the registered one. However, if no session has been registered, the default value is 0. Therefore, a message submitted with a session ID of 0 is accepted, as it matches the registered value. This could allow unauthorized and anonymous indirect emission of MQTT messages and communication with V2G messages handlers, updating a session context. Version 2025.9.0 fixes the issue.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制不正确
Source: NVD (National Vulnerability Database)
Vulnerability Title
everest-core 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
everest-core是EVerest开源的一个电动汽车充电软件堆栈的主要部分。 everest-core 2025.9.0之前版本存在安全漏洞,该漏洞源于会话ID默认值为0时的验证缺陷,可能导致未经授权和匿名的MQTT消息间接发送及会话上下文更新。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| EVerest | everest-core | < 2025.9.0 | - |
II. Public POCs for CVE-2025-68140
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-68140
请登录查看更多情报信息。
Same Patch Batch · EVerest · 2026-01-21 · 11 CVEs total
| CVE-2025-68137 | 8.4 HIGH | EVerest's Integer Overflow and Signed to Unsigned conversion lead to either stack buffer o |
| CVE-2025-68133 | 7.4 HIGH | EVerest's unlimited connections can lead to DoS through operating system resource exhausti |
| CVE-2025-68134 | 7.4 HIGH | EVerest's use of assert functions can potentially lead to denial of service |
| CVE-2025-68136 | 7.4 HIGH | EVerest's inadequate session handling can lead to memory-related errors or exhaustion of t |
| CVE-2025-68141 | 7.4 HIGH | EVerest vulnerable to null pointer dereference during DC_ChargeLoopRes document deserializ |
| CVE-2025-68135 | 6.5 MEDIUM | EVerest's inadequate exception handling leads to denial of service |
| CVE-2025-68138 | 4.7 MEDIUM | EVerest affected by memory exhaustion in libocpp |
| CVE-2025-68139 | 4.3 MEDIUM | In EVerest, by default, the EV is responsible for closing the connection if the module enc |
| CVE-2026-23955 | 4.2 MEDIUM | EVerest vulnerable to concatenation of strings literal and integers |
| CVE-2025-68132 | EVerest has out-of-bounds read in DZG_GSH01 SLIP CRC parser that can crash powermeter driv |
IV. Related Vulnerabilities
Same product: everest-core
- CVE-2026-33015
EVerest has RemoteStop Bypass via BCB Toggle Session Restart - CVE-2026-33014
EVerest has Delayed Authorization Response Bypasses Terminat - CVE-2026-33009
EVerest: MQTT Switch-Phases Command Data Race Causing Charge - CVE-2026-29044
EVerest: Charging Continues When WithdrawAuthorization Is Pr - CVE-2026-27828
EVerest: ISO15118 session_setup use-after-free can crash EVS
Same vendor: EVerest
- CVE-2026-33015
EVerest has RemoteStop Bypass via BCB Toggle Session Restart - CVE-2026-33014
EVerest has Delayed Authorization Response Bypasses Terminat - CVE-2026-33009
EVerest: MQTT Switch-Phases Command Data Race Causing Charge - CVE-2026-29044
EVerest: Charging Continues When WithdrawAuthorization Is Pr - CVE-2026-27828
EVerest: ISO15118 session_setup use-after-free can crash EVS
Same weakness: CWE-863
- CVE-2026-42571
Privilege Escalation Attack affecting Pelican Web UI - CVE-2025-15633
HCL BigFix WebUI is affected by an improper authorization vu - CVE-2026-42296
Argo Workflows has incomplete fix for CVE-2026-31892: hostNe - CVE-2025-66170
Apache CloudStack: Any user can list backups that they shoul - CVE-2026-41903
FreeScout IDOR Vulnerability: PERM_EDIT_USERS allows modifyi
V. Comments for CVE-2025-68140
No comments yet