CVE-2025-68132

4.6 MEDIUM

📋 TL;DR

This vulnerability in EVerest EV charging software allows attackers to crash the process by sending malformed SLIP frames via serial input. It affects systems using the DZG_GSH01 powermeter SLIP parser before version 2025.12.0. The out-of-bounds read occurs during CRC verification when insufficient bytes are present.

💻 Affected Systems

Products:
  • EVerest EV charging software stack
Versions: All versions prior to 2025.12.0
Operating Systems: Linux-based systems running EVerest
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using DZG_GSH01 powermeter with SLIP parser enabled via serial interface.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete denial of service for EV charging operations, potentially disrupting charging sessions and requiring manual restart of charging equipment.

🟠 Likely Case

Process crash requiring system restart, temporarily disabling charging functionality until service is restored.

🟢 If Mitigated

No impact if patched or if serial input is properly isolated from untrusted sources.

🌐 Internet-Facing: LOW - Requires direct serial access, not typically internet-exposed.
🏢 Internal Only: MEDIUM - Serial interfaces may be accessible to attackers with physical or network access to charging infrastructure.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW - Simple malformed packet injection via serial interface.

Exploitation requires access to serial interface, which may require physical proximity or compromised network access to serial-over-IP converters.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2025.12.0

Vendor Advisory: https://github.com/EVerest/everest-core/security/advisories/GHSA-79gc-m8w6-9hx5

Restart Required: Yes

Instructions:

1. Update EVerest to version 2025.12.0 or later.
2. Restart the EVerest service.
3. Verify the fix by checking the version and monitoring for crashes.

🔧 Temporary Workarounds

Serial Access Restriction (platform: all)

Restrict physical and network access to serial interfaces used by EVerest.

# Configure firewall rules to block unauthorized access to serial-over-IP ports
# Implement physical security controls for serial ports

Input Validation Enhancement (platform: linux)

Add size checks before accessing vector elements in custom builds.

// Add: if (vec.size() < 2) return false; before the vec[vec.size()-1] access
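The following is an added illustration of the bug class and the guard described above; it is not EVerest's own code. The function name is taken from the advisory, but the frame layout (payload followed by a big-endian 2-byte CRC), the CRC-16/CCITT-FALSE variant and the helper functions are assumptions made for the example. The point it demonstrates is that a 0- or 1-byte frame must be rejected before `vec[vec.size() - 2]` and `vec[vec.size() - 1]` are read, since `size() - 2` wraps around for an empty vector and the unguarded read leaves the bounds of the buffer.

```cpp
// Added example (not EVerest's code): a SLIP-frame CRC check with the size
// guard applied before indexing the trailing CRC bytes. Frame layout and
// CRC variant are assumptions for the example.
#include <cstdint>
#include <cstddef>
#include <cstdio>
#include <vector>

// CRC-16/CCITT-FALSE (poly 0x1021, init 0xFFFF, no reflection); chosen for
// the example only, the real powermeter protocol may use a different CRC.
static uint16_t crc16_ccitt(const uint8_t* data, size_t len) {
    uint16_t crc = 0xFFFF;
    for (size_t i = 0; i < len; ++i) {
        crc ^= static_cast<uint16_t>(static_cast<uint16_t>(data[i]) << 8);
        for (int b = 0; b < 8; ++b) {
            crc = (crc & 0x8000) ? static_cast<uint16_t>((crc << 1) ^ 0x1021)
                                 : static_cast<uint16_t>(crc << 1);
        }
    }
    return crc;
}

// Hardened check: a frame shorter than 2 bytes cannot carry a CRC, so it is
// dropped instead of being indexed. Without this guard, vec[vec.size() - 2]
// on an empty vector reads far out of bounds (size_t wrap-around) and the
// process crashes, which is the denial of service the advisory describes.
bool is_message_crc_correct(const std::vector<uint8_t>& vec) {
    if (vec.size() < 2) {
        return false;  // too short for a CRC: reject, do not crash
    }
    const size_t payload_len = vec.size() - 2;
    const uint16_t expected = static_cast<uint16_t>(
        (static_cast<uint16_t>(vec[vec.size() - 2]) << 8) | vec[vec.size() - 1]);
    return crc16_ccitt(vec.data(), payload_len) == expected;
}

// Helper (assumed framing): append the big-endian CRC to a payload.
std::vector<uint8_t> append_crc(std::vector<uint8_t> payload) {
    const uint16_t crc = crc16_ccitt(payload.data(), payload.size());
    payload.push_back(static_cast<uint8_t>(crc >> 8));
    payload.push_back(static_cast<uint8_t>(crc & 0xFF));
    return payload;
}

// Edge cases: the frames that triggered the out-of-bounds read must now be
// rejected cleanly.
bool crc_check_rejects_short_frames() {
    return !is_message_crc_correct({}) && !is_message_crc_correct({0x42});
}

// Normal path: a well-formed frame passes, and one flipped payload bit fails.
bool crc_check_accepts_valid_frame() {
    // Constructed sample payload: ASCII "123456789" (standard CRC check input).
    std::vector<uint8_t> frame = append_crc({0x31, 0x32, 0x33, 0x34, 0x35,
                                             0x36, 0x37, 0x38, 0x39});
    const bool ok = is_message_crc_correct(frame);
    frame[0] ^= 0x01;  // corrupt one payload byte
    return ok && !is_message_crc_correct(frame);
}

int main() {
    std::printf("short frames rejected: %s\n",
                crc_check_rejects_short_frames() ? "yes" : "no");
    std::printf("valid frame accepted, corrupted rejected: %s\n",
                crc_check_accepts_valid_frame() ? "yes" : "no");
    return 0;
}
```

The guard is cheap and belongs at the top of the function, before any arithmetic on `vec.size()`; the same pattern applies to any parser that strips a trailer (CRC, length field, terminator) from a frame received from an untrusted serial peer.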

🧯 If You Can't Patch

  • Isolate serial interfaces from untrusted networks using firewalls and VLAN segmentation.
  • Implement monitoring for process crashes and automatic restart mechanisms to minimize downtime.

🔍 How to Verify

Check if Vulnerable:

Check the EVerest version and review the is_message_crc_correct function for a missing size check before it reads the trailing CRC bytes.

Check Version:

everest --version or check package manager for everest-core version

Verify Fix Applied:

Confirm version is 2025.12.0+ and test with malformed SLIP frames to ensure no crashes occur.

📡 Detection & Monitoring

Log Indicators:

  • Process crash logs from EVerest service
  • Segmentation fault errors in system logs
  • Unexpected service restarts

Network Indicators:

  • Unusual serial traffic patterns
  • Malformed SLIP frames on serial interfaces

SIEM Query:

source="systemd" AND "everest" AND ("segmentation fault" OR "crash" OR "SIGSEGV")
