CVE-2025-68140
📋 TL;DR
This vulnerability allows attackers to bypass session validation in EVerest EV charging software by sending V2G messages with session ID 0 when no session is registered. This enables unauthorized MQTT message emission and communication with V2G handlers, potentially manipulating charging sessions. All EVerest deployments prior to version 2025.9.0 are affected.
💻 Affected Systems
- EVerest EV charging software stack
📦 What is this software?
EVerest, by the Linux Foundation
⚠️ Risk & Real-World Impact
Worst Case
Attackers could manipulate charging sessions, disrupt charging operations, inject malicious MQTT messages, or interfere with vehicle-to-grid communications.
Likely Case
Unauthorized access to session contexts, potential manipulation of charging parameters, and unauthorized MQTT message injection.
If Mitigated
Limited impact if proper network segmentation and access controls are in place, but session manipulation remains possible.
🎯 Exploit Status
Exploitation requires sending specially crafted V2G messages with session ID 0 when no session is active.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2025.9.0
Vendor Advisory: https://github.com/EVerest/everest-core/security/advisories/GHSA-w385-3jwp-x47x
Restart Required: Yes
Instructions:
1. Update EVerest to version 2025.9.0 or later.
2. Restart all EVerest services.
3. Verify the fix by testing session validation.
🔧 Temporary Workarounds
Session validation enhancement
Implement additional session validation checks to reject messages with session ID 0 when no session is registered.
# Requires code modification to add session validation logic
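A constructed illustration of the check this workaround calls for, added here and not taken from EVerest (its type and function names are assumptions): the vulnerable comparison that lets an idle stack accept session ID 0, beside a hardened one that refuses any message while no session is registered and never treats 0 as a live session.

```cpp
#include <cstdint>

// Constructed model of the bug class the advisory describes; it is not
// EVerest's own code and the type and function names are assumptions.
using SessionId = std::uint64_t;
constexpr SessionId kNoSession = 0;  // in-band sentinel meaning "no session"

struct SessionContext {
    SessionId current = kNoSession;  // stays 0 until a session is registered
};

// Vulnerable pattern: the wire session ID is compared against the stored ID
// without first checking that a session exists. While idle the stored value
// is the sentinel 0, so a V2G message carrying session ID 0 matches and the
// handler (and any MQTT emission it triggers) runs without a real session.
bool accept_vulnerable(const SessionContext& ctx, SessionId wire_id) {
    return wire_id == ctx.current;
}

// Hardened pattern: require a registered session before comparing, and never
// treat the sentinel as a live session ID even after a session is registered.
bool accept_hardened(const SessionContext& ctx, SessionId wire_id) {
    if (ctx.current == kNoSession) return false;  // idle: reject everything
    if (wire_id == kNoSession) return false;      // 0 is never a valid session
    return wire_id == ctx.current;
}

// Does the given check accept session ID 0 on an idle (no session) stack?
// True for the vulnerable check, false for the hardened one.
bool idle_accepts_zero(bool (*check)(const SessionContext&, SessionId)) {
    SessionContext idle;
    return check(idle, kNoSession);
}

// Run a check with a registered session, to confirm the hardened version
// still accepts the matching ID and rejects 0 and mismatched IDs.
bool check_with_session(bool (*check)(const SessionContext&, SessionId),
                        SessionId registered, SessionId wire_id) {
    SessionContext ctx;
    ctx.current = registered;
    return check(ctx, wire_id);
}
```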
Network segmentation
Restrict access to V2G message interfaces to authorized systems only.
# Configure firewall rules to limit V2G port access: allow the trusted network, then drop everything else
# Example: iptables -A INPUT -p tcp --dport [V2G_PORT] -s [TRUSTED_NETWORK] -j ACCEPT
#          iptables -A INPUT -p tcp --dport [V2G_PORT] -j DROP
🧯 If You Can't Patch
- Implement strict network access controls to limit V2G message interface exposure
- Monitor for unusual MQTT messages or session ID 0 usage in logs
🔍 How to Verify
Check if Vulnerable:
Check the EVerest version: if it is earlier than 2025.9.0, the system is vulnerable. Test by sending a V2G message with session ID 0 when no session is active.
Check Version:
everest --version or check package manager for installed version
Verify Fix Applied:
After patching, attempt to send a V2G message with session ID 0 when no session is active; it should be rejected. Verify that the installed version is 2025.9.0 or later.
📡 Detection & Monitoring
Log Indicators:
- V2G messages with session ID 0 being accepted
- Unauthorized MQTT message emissions
- Session context updates from unauthenticated sources
Network Indicators:
- Unusual V2G message traffic patterns
- MQTT messages from unexpected sources
SIEM Query:
source="everest" AND (session_id=0 OR "V2G message accepted" OR "unauthorized MQTT")