CVE-2025-68133

7.4 HIGH

📋 TL;DR

This vulnerability in the EVerest EV charging software stack allows an unauthenticated remote attacker to cause a denial of service by exhausting system memory with an unbounded number of TCP connections. The connection handler accepts connections that never proceed to proper ISO 15118-2 communication, so an attacker can hold them open until all EVerest modules terminate, disrupting EV charging functionality. All systems running vulnerable EVerest versions are affected.

💻 Affected Systems

Products:
  • EVerest EV charging software stack
Versions: 2025.9.0 and below
Operating Systems: All operating systems running EVerest
Default Config Vulnerable: ⚠️ Yes
Notes: All EVerest deployments with TCP/TLS socket connections enabled are vulnerable. The vulnerability affects the core module that handles incoming connections.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete disruption of EV charging station operations, rendering all charging functionality unavailable until manual restart.

🟠 Likely Case: Temporary denial of service affecting charging availability, requiring a system restart to restore functionality.

🟢 If Mitigated: Limited impact with proper network controls and monitoring, potentially causing performance degradation but not complete failure.

🌐 Internet-Facing: HIGH - Attackers can remotely exploit this without authentication if the service is exposed to the internet.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this, but requires network access to the EVerest service.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only basic networking knowledge and tools to initiate multiple TCP connections. No authentication or special payloads needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2025.10.0

Vendor Advisory: https://github.com/EVerest/everest-core/security/advisories/GHSA-mv3w-pp85-5h7c

Restart Required: Yes

Instructions:

1. Back up the current configuration.
2. Update EVerest to version 2025.10.0 or later.
3. Restart all EVerest services.
4. Verify functionality after the restart.

🔧 Temporary Workarounds

Rate limiting with firewall

Implement connection rate limiting at the network perimeter (or on the charger host itself) to prevent connection exhaustion. Both rules must be placed ahead of any existing rule that accepts traffic to the port; the first rule deliberately has no target and only records the source address, the second drops a source that has opened 20 or more new connections within 60 seconds.

  iptables -A INPUT -p tcp --dport [EVEREST_PORT] -m state --state NEW -m recent --set
  iptables -A INPUT -p tcp --dport [EVEREST_PORT] -m state --state NEW -m recent --update --seconds 60 --hitcount 20 -j DROP

Network segmentation

Restrict access to the EVerest service to trusted networks only. The ACCEPT rule must come before the DROP rule, and both must come before any broader rule that accepts the port.

  iptables -A INPUT -p tcp --dport [EVEREST_PORT] -s [TRUSTED_NETWORK] -j ACCEPT
  iptables -A INPUT -p tcp --dport [EVEREST_PORT] -j DROP
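The following script is an added example, not code from the EVerest project or from the advisory. It combines both workarounds above (per-source rate limiting and trusted-network restriction) into one dedicated iptables chain, validates the operator-supplied values before emitting any command, and lets you review the commands before applying them. The port (15118 is only a mnemonic placeholder; the real SECC port is whatever your deployment uses), the trusted network and the per-minute limit are assumptions you must replace.

```shell
#!/bin/sh
# Added example, not from the EVerest project or the advisory. Wraps the two
# workarounds (rate limit + trusted-network restriction) in one iptables chain.
# EVEREST port, trusted CIDR and limit are operator-supplied assumptions.

# Return 0 if $1 is an integer between $2 and $3 inclusive.
int_in_range() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# Return 0 if $1 looks like an IPv4 CIDR such as 10.0.0.0/24 (syntax only).
valid_cidr() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# Print the iptables commands, one per line, without running them.
# Arguments: TCP port, trusted IPv4 network, max new connections per source
# per minute. The limit is capped at 20 because xt_recent remembers at most
# ip_pkt_list_tot (default 20) packets per address, and the kernel rejects a
# larger --hitcount.
everest_guard_rules() {
    port=$1; net=$2; limit=$3
    int_in_range "$port" 1 65535 || { echo "bad port: $port" >&2; return 1; }
    valid_cidr "$net"            || { echo "bad CIDR: $net" >&2; return 1; }
    int_in_range "$limit" 1 20   || { echo "bad limit: $limit" >&2; return 1; }
    # Order inside the chain: keep accepted sessions flowing, drop untrusted
    # sources, drop a trusted source that exceeds the limit, otherwise accept
    # the new connection and record it. Creating the chain is idempotent.
    cat <<EOF
iptables -N EVEREST_GUARD 2>/dev/null || iptables -F EVEREST_GUARD
iptables -A EVEREST_GUARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A EVEREST_GUARD ! -s $net -j DROP
iptables -A EVEREST_GUARD -m conntrack --ctstate NEW -m recent --name everest --update --seconds 60 --hitcount $limit -j DROP
iptables -A EVEREST_GUARD -m conntrack --ctstate NEW -m recent --name everest --set -j ACCEPT
iptables -A EVEREST_GUARD -j DROP
iptables -C INPUT -p tcp --dport $port -j EVEREST_GUARD 2>/dev/null || iptables -I INPUT -p tcp --dport $port -j EVEREST_GUARD
EOF
}

# Apply the rules (requires root). Review the output of everest_guard_rules
# with the same arguments first.
everest_guard_apply() {
    everest_guard_rules "$@" | sh -e
}

# Review run with placeholder values:
everest_guard_rules 15118 10.0.0.0/24 20
```

The jump from INPUT is inserted at the top (-I) so an existing blanket ACCEPT further down cannot pre-empt the guard, and it is restricted by --dport so only traffic to the EVerest port is subjected to the trusted-network check and the rate limit. Because the chain is re-created on each run, re-running the script after changing the values replaces the old rules instead of stacking duplicates.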

🧯 If You Can't Patch

  • Implement strict network access controls to limit which systems can connect to EVerest service
  • Deploy monitoring and alerting for abnormal connection patterns to EVerest ports

🔍 How to Verify

Check if Vulnerable:

Check the EVerest version: if the system is running 2025.9.0 or earlier, it is vulnerable.

Check Version:

Check EVerest configuration files or run 'everest --version' if available

Verify Fix Applied:

Confirm EVerest version is 2025.10.0 or later and test connection handling under load

📡 Detection & Monitoring

Log Indicators:

  • Rapid increase in TCP connection attempts to EVerest port
  • Multiple thread creation failures or memory exhaustion warnings
  • EVerest process termination logs

Network Indicators:

  • High volume of TCP SYN packets to EVerest port without subsequent data exchange
  • Multiple connections from single source to EVerest service

SIEM Query:

Log indicators (EVerest process logs):

  source="EVEREST" AND ("connection limit" OR "memory exhausted" OR "thread creation failed")

Network indicators (flow or firewall logs; Splunk-style syntax, with the per-source threshold of 100 SYNs from the original query):

  dest_port=[EVEREST_PORT] AND tcp_flags="SYN" | stats count by src_ip | where count > 100
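The script below is an added example, not from the EVerest project or the advisory. It applies the network indicators above to a constructed flow log on the charger host: sources that open many TCP connections to the EVerest port but never send application data are reported, while a genuine EV session that exchanged bytes is not. The log format (epoch, src_ip, src_port, dst_port, flags, bytes from client), the sample addresses and the port 15118 are all constructed assumptions; the threshold is a parameter so it can be set to the 100 used in the SIEM query.

```shell
#!/bin/sh
# Added example, not from the EVerest project or the advisory. Flags sources
# that open many connections to the EVerest port without ever sending data.
# Log format and sample values are constructed; port 15118 is a placeholder.

# Constructed sample flow log: one legitimate EV session (10.0.0.20, which
# sends 412 bytes), one source opening five silent connections (203.0.113.7),
# one single silent connection (192.0.2.9) and one flow to an unrelated port.
SAMPLE_FLOWS='1700000000 10.0.0.20 40001 15118 S 0
1700000001 10.0.0.20 40001 15118 PA 412
1700000002 203.0.113.7 51001 15118 S 0
1700000002 203.0.113.7 51002 15118 S 0
1700000003 203.0.113.7 51003 15118 S 0
1700000003 203.0.113.7 51004 15118 S 0
1700000004 203.0.113.7 51005 15118 S 0
1700000005 192.0.2.9 60000 15118 S 0
1700000006 10.0.0.20 40002 8080 S 0'

# Usage: silent_connectors PORT THRESHOLD < flows
# Prints "src_ip connections" for every source that opened more than
# THRESHOLD distinct connections (src_ip, src_port pairs) to PORT and sent
# zero application bytes on all of them. Sorted so output is deterministic.
silent_connectors() {
    port=$1; thr=$2
    awk -v port="$port" -v thr="$thr" '
        $4 != port { next }                      # only the EVerest port
        { key = $2 SUBSEP $3 }                   # one connection = ip+port
        !(key in seen) { seen[key] = 1; conns[$2]++ }
        $6 > 0 { sent[$2] += $6 }                # any payload clears the source
        END {
            for (ip in conns)
                if (conns[ip] > thr && !(ip in sent)) print ip, conns[ip]
        }
    ' | sort
}

# Example run against the constructed log: reports 203.0.113.7 with 5
# connections; the legitimate session and the single connection are silent.
printf '%s\n' "$SAMPLE_FLOWS" | silent_connectors 15118 3
```

On a live host the same function can be fed from whatever produces per-connection records (a flow exporter, conntrack accounting, or firewall logs) after mapping the fields to the assumed column order; a source that trips it is the candidate for the rate-limiting rule in the workarounds section.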
