CVE-2025-68136

7.4 HIGH

📋 TL;DR

This vulnerability in the EVerest EV charging software stack allows an attacker to cause a denial of service through a null pointer dereference when SDP requests are handled. The issue affects EV charging stations running vulnerable EVerest versions and can disrupt charging operations.

💻 Affected Systems

Products:
  • EVerest EV charging software stack
Versions: All versions prior to 2025.10.0
Operating Systems: Linux-based systems running EVerest
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems using ISO15118-20 communication protocol for EV charging sessions.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete denial of service for EV charging stations, preventing vehicles from charging and potentially requiring physical intervention to restore service.

🟠 Likely Case: Intermittent charging station crashes or instability during ISO15118-20 communication sessions, disrupting charging operations.

🟢 If Mitigated: Limited impact with proper network segmentation and monitoring, though service interruptions may still occur.

🌐 Internet-Facing: HIGH - EV charging stations are often internet-connected for remote management and payment processing.
🏢 Internal Only: MEDIUM - Internal charging infrastructure could still be affected by network-based attacks.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending SDP requests to trigger the resource leak and subsequent null pointer dereference.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2025.10.0

Vendor Advisory: https://github.com/EVerest/everest-core/security/advisories/GHSA-4h8h-x5cp-g22r

Restart Required: Yes

Instructions:

1. Update EVerest to version 2025.10.0 or later.
2. Restart the EVerest service.
3. Verify the update was successful.

🔧 Temporary Workarounds

Network isolation (linux): restrict network access to EVerest services to trusted networks only. Keep the ACCEPT rule ahead of the DROP rule, since iptables evaluates rules in order.

iptables -A INPUT -p tcp --dport [EVEREST_PORT] -s [TRUSTED_NETWORK] -j ACCEPT
iptables -A INPUT -p tcp --dport [EVEREST_PORT] -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate charging infrastructure from untrusted networks
  • Deploy rate limiting and monitoring for SDP requests to detect potential exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check the EVerest version: if it is earlier than 2025.10.0, the system is vulnerable.

Check Version:

Run everest --version, or check the package manager (apt/dnf/yum) for the installed version.

Verify Fix Applied:

Confirm the EVerest version is 2025.10.0 or later, and monitor for stable operation during charging sessions.

📡 Detection & Monitoring

Log Indicators:

  • Multiple SDP request failures
  • Unexpected process crashes or restarts
  • Null pointer exception errors in logs

Network Indicators:

  • Unusual volume of SDP requests
  • TCP connection attempts to ISO15118-20 ports from untrusted sources

SIEM Query:

source="everest.log" AND ("null pointer" OR "segmentation fault" OR "SDP error")
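An added example, not part of this advisory or of EVerest, showing the log indicators above applied to a few constructed log lines: it mirrors the SIEM query, then flags a burst of SDP failures and correlates it with a crash that follows. The line format, timestamps and component names are assumptions.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Constructed sample lines (not real EVerest output); the format is an assumption.
SAMPLE_LOG = """\
2025-11-02T10:00:01Z INFO  iso15118 SDP request received from fe80::1
2025-11-02T10:00:02Z ERROR iso15118 SDP error: failed to allocate session
2025-11-02T10:00:02Z ERROR iso15118 SDP error: failed to allocate session
2025-11-02T10:00:03Z ERROR iso15118 SDP error: failed to allocate session
2025-11-02T10:00:03Z ERROR iso15118 SDP error: failed to allocate session
2025-11-02T10:00:04Z FATAL core segmentation fault (null pointer dereference)
2025-11-02T10:00:09Z INFO  core everest service restarted by systemd
"""

INDICATORS = re.compile(r"null pointer|segmentation fault|SDP error", re.IGNORECASE)
CRASH = re.compile(r"null pointer|segmentation fault", re.IGNORECASE)
TIMESTAMP = "%Y-%m-%dT%H:%M:%SZ"

def _ts(line):
    return datetime.strptime(line.split(" ", 1)[0], TIMESTAMP)

def matching_lines(log_text):
    """Equivalent of the SIEM query: every line carrying one of the indicator strings."""
    return [line for line in log_text.splitlines() if INDICATORS.search(line)]

def sdp_failure_bursts(log_text, threshold=3, window_seconds=5):
    """Flag bursts: `threshold` or more 'SDP error' lines inside a sliding window.
    Returns the timestamp at which each burst first crosses the threshold."""
    recent, alerts = deque(), []
    for line in log_text.splitlines():
        if "SDP error" not in line:
            continue
        ts = _ts(line)
        recent.append(ts)
        while recent and ts - recent[0] > timedelta(seconds=window_seconds):
            recent.popleft()
        if len(recent) == threshold:   # fires once per burst, not on every later line
            alerts.append(ts)
    return alerts

def crashes_after_burst(log_text, grace_seconds=10, **burst_kwargs):
    """Correlate a crash indicator with an SDP-failure burst in the preceding grace period."""
    bursts = sdp_failure_bursts(log_text, **burst_kwargs)
    return [line for line in log_text.splitlines()
            if CRASH.search(line)
            and any(0 <= (_ts(line) - b).total_seconds() <= grace_seconds for b in bursts)]
```

A burst followed by a crash is the pattern worth paging on; a burst alone is a candidate for the rate limiting suggested above.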
