CVE-2025-68139

4.3 MEDIUM

📋 TL;DR

This vulnerability in the EVerest EV charging software stack lets attackers exploit other weaknesses by keeping connections alive after errors. All EVerest installations using the default configuration are affected. The issue stems from a configuration setting, terminate_connection_on_failed_response, which defaults to False and so leaves a connection open when a response fails.

💻 Affected Systems

Products:
  • EVerest EV charging software stack
Versions: All versions up to and including 2025.12.1
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using default configuration where terminate_connection_on_failed_response is set to False

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could chain this vulnerability with other weaknesses to disrupt charging operations, manipulate charging sessions, or potentially gain unauthorized access to EV charging infrastructure.

🟠 Likely Case

Malicious users could maintain persistent connections to exploit other vulnerabilities or cause resource exhaustion, potentially leading to service degradation or charging session manipulation.

🟢 If Mitigated

With the configuration changed, connections are terminated on errors, preventing attackers from maintaining persistent access to exploit other vulnerabilities.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires an understanding of EV charging protocols and additional vulnerabilities to chain with this weakness.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: None - configuration change required

Vendor Advisory: https://github.com/EVerest/everest-core/security/advisories/GHSA-wqh4-pj54-6xv9

Restart Required: Yes

Instructions:

1. Access EVerest configuration
2. Locate terminate_connection_on_failed_response setting
3. Change value from False to True
4. Restart EVerest services

🔧 Temporary Workarounds

Configuration change mitigation (applies to: all platforms)

Change the terminate_connection_on_failed_response setting from False to True:

# Edit EVerest configuration file and set:
# terminate_connection_on_failed_response = true

🧯 If You Can't Patch

  • Implement network segmentation to isolate EV charging infrastructure
  • Monitor logs for unusual connection patterns and failed responses

🔍 How to Verify

Check if Vulnerable:

Check the EVerest configuration file for the terminate_connection_on_failed_response setting. If it is set to False or not present (it defaults to False), the system is vulnerable.

Check Version:

# Check EVerest version
everest --version

Verify Fix Applied:

Verify that terminate_connection_on_failed_response is set to True in the configuration, and test that connections are actually terminated on failed responses.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed responses without connection termination
  • Unusually long connection durations with error patterns

Network Indicators:

  • Persistent connections despite protocol errors
  • Abnormal charging session durations

SIEM Query:

source="everest" AND ("failed response" OR "connection error") AND NOT "terminating connection"
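The log indicators above ("multiple failed responses without connection termination", "persistent connections despite protocol errors") can be turned into a simple per-connection check. This is an added example, not EVerest code: the line format, connection ids and event names are constructed for illustration, so adapt the regex to the format your deployment actually emits.

```python
"""Flag connections that accumulate error responses but are never terminated.

Added example for CVE-2025-68139. The log shape below is CONSTRUCTED and is
not EVerest's real logging format.
"""
import re
from collections import defaultdict

# Hypothetical line shape: "<timestamp> conn=<id> event=<name>"
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+conn=(?P<conn>\w+)\s+event=(?P<event>\w+)")

ERROR_EVENTS = {"failed_response", "connection_error"}
TERMINATION_EVENT = "terminating_connection"  # expected when the setting is True


def find_persistent_error_connections(lines, threshold=3):
    """Return {conn_id: error_count} for connections that logged at least
    `threshold` error events and were never terminated. A connection that
    was terminated after its errors is the expected, mitigated behaviour and
    is not reported."""
    errors = defaultdict(int)
    terminated = set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that do not match the assumed shape
        conn, event = m["conn"], m["event"]
        if event in ERROR_EVENTS:
            errors[conn] += 1
        elif event == TERMINATION_EVENT:
            terminated.add(conn)
    return {c: n for c, n in errors.items() if n >= threshold and c not in terminated}


# Constructed sample: a1 keeps failing and is never closed; b2 fails twice and
# is closed (mitigated behaviour); c3 has a single error below the threshold.
SAMPLE_LOG = [
    "2025-12-20T10:00:01Z conn=a1 event=failed_response",
    "2025-12-20T10:00:02Z conn=b2 event=failed_response",
    "2025-12-20T10:00:03Z conn=a1 event=failed_response",
    "2025-12-20T10:00:04Z conn=b2 event=failed_response",
    "2025-12-20T10:00:05Z conn=b2 event=terminating_connection",
    "2025-12-20T10:00:06Z conn=a1 event=connection_error",
    "2025-12-20T10:00:07Z conn=c3 event=connection_error",
    "2025-12-20T10:00:08Z conn=a1 event=failed_response",
    "not a structured line",
]

if __name__ == "__main__":
    print(find_persistent_error_connections(SAMPLE_LOG))  # {'a1': 4}
```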
