CVE-2025-68137
📋 TL;DR
An integer overflow vulnerability in EVerest EV charging software allows attackers to trigger either infinite loops or stack buffer overflows by sending specially crafted packets. This affects all EVerest installations prior to version 2025.10.0, potentially disrupting charging operations or enabling remote code execution.
💻 Affected Systems
- EVerest EV charging software stack
📦 What is this software?
EVerest by the Linux Foundation
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise, service disruption of EV charging infrastructure, or data exfiltration from charging management systems.
Likely Case
Service disruption through denial of service (infinite loop) or potential remote code execution via buffer overflow, compromising charging station availability.
If Mitigated
Limited impact if network segmentation prevents external access, but internal systems could still be affected by malicious internal actors.
🎯 Exploit Status
Exploitation requires crafting specific network packets but doesn't require authentication. The advisory provides technical details that could aid exploit development.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2025.10.0
Vendor Advisory: https://github.com/EVerest/everest-core/security/advisories/GHSA-7qq4-q9r8-wc7w
Restart Required: Yes
Instructions:
1. Update EVerest to version 2025.10.0 or later.
2. Restart all EVerest services.
3. Verify the update was successful by checking the version.
🔧 Temporary Workarounds
Network Segmentation
Isolate EVerest systems from untrusted networks to prevent external exploitation.
Firewall Rules
Restrict network access to EVerest services to only trusted IP addresses. Replace [EVEREST_PORT] and [TRUSTED_IP] with your deployment's values, repeat the ACCEPT line for each trusted address, and keep the ACCEPT rules ahead of the final DROP so they match first.
iptables -A INPUT -p tcp --dport [EVEREST_PORT] -s [TRUSTED_IP] -j ACCEPT
iptables -A INPUT -p tcp --dport [EVEREST_PORT] -j DROP
🧯 If You Can't Patch
- Implement strict network segmentation to isolate EVerest systems from untrusted networks.
- Deploy intrusion detection systems to monitor for exploitation attempts and anomalous traffic patterns.
🔍 How to Verify
Check if Vulnerable:
Check EVerest version - if below 2025.10.0, the system is vulnerable.
Check Version:
Check EVerest configuration files or use 'everest --version' if available.
Verify Fix Applied:
Confirm EVerest version is 2025.10.0 or higher and test charging functionality.
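The version check above, as an added example that is not part of the advisory or the EVerest project: it parses a version token out of whatever `everest --version` prints (the output format is an assumption) and compares it numerically against the fixed release 2025.10.0, so that calendar versions such as 2025.9.3 are correctly ranked below 2025.10.0.

```shell
#!/bin/sh
# Added example, not EVerest project code: decides whether a reported EVerest
# version is below the fixed release 2025.10.0 named in the advisory.
# Assumption: the `everest --version` output format is unknown, so the parser
# only requires an X.Y.Z token to appear somewhere in the string.

FIXED_VERSION="2025.10.0"

# Print the first X.Y.Z token found in $1 (prints nothing if there is none).
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Compare two X.Y.Z versions component by component and print -1, 0 or 1.
# Numeric comparison matters: a plain string compare ranks "9" above "10".
cmp_versions() {
    a1=${1%%.*}; rest=${1#*.}; a2=${rest%%.*}; a3=${rest#*.}
    b1=${2%%.*}; rest=${2#*.}; b2=${rest%%.*}; b3=${rest#*.}
    for pair in "$a1 $b1" "$a2 $b2" "$a3 $b3"; do
        set -- $pair
        if [ "$1" -lt "$2" ]; then printf '%s\n' -1; return; fi
        if [ "$1" -gt "$2" ]; then printf '%s\n' 1; return; fi
    done
    printf '%s\n' 0
}

# Exit status: 0 = vulnerable (older than the fix), 1 = fixed or newer,
# 2 = no version could be parsed (fall back to the configuration files).
everest_is_vulnerable() {
    ver=$(extract_version "$1")
    [ -n "$ver" ] || return 2
    [ "$(cmp_versions "$ver" "$FIXED_VERSION")" = "-1" ]
}

# Stand-alone use: feed it the tool's own report, for example
#   EVEREST_VERSION_OUTPUT="$(everest --version)" sh check_everest.sh
if [ -n "$EVEREST_VERSION_OUTPUT" ]; then
    everest_is_vulnerable "$EVEREST_VERSION_OUTPUT" && rc=0 || rc=$?
    case $rc in
        0) echo "VULNERABLE: update to $FIXED_VERSION or later, then restart" ;;
        1) echo "OK: running $FIXED_VERSION or newer" ;;
        *) echo "UNKNOWN: no version string found; check the config files" ;;
    esac
fi
```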
📡 Detection & Monitoring
Log Indicators:
- Unusual network connection attempts to EVerest ports
- Service crashes or restarts
- High CPU usage from EVerest processes
Network Indicators:
- Malformed packets to EVerest ports
- Unexpected traffic patterns to charging infrastructure
SIEM Query:
(source="EVEREST" AND (event_type="crash" OR event_type="high_cpu")) OR (dest_port=[EVEREST_PORT] AND packet_size>[BASELINE_SIZE])
Replace [EVEREST_PORT] with the port your deployment exposes and [BASELINE_SIZE] with the packet size observed during normal charging sessions; the parentheses make the two alert conditions explicit.