CVE-2025-68141

7.4 HIGH

📋 TL;DR

A null pointer dereference vulnerability in EVerest EV charging software allows remote attackers to cause denial of service by sending specially crafted DC_ChargeLoopRes messages. This affects all EVerest installations prior to version 2025.10.0, potentially disrupting EV charging operations.

💻 Affected Systems

Products:
  • EVerest EV charging software stack
Versions: All versions prior to 2025.10.0
Operating Systems: Linux-based systems running EVerest
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems processing DC_ChargeLoopRes messages with Receipt and TaxCosts components.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete shutdown of all EVerest modules and processes, rendering EV charging stations inoperable across an entire network or facility.

🟠 Likely Case

Service disruption affecting multiple EV charging stations when malicious messages are processed, requiring manual restart of affected systems.

🟢 If Mitigated

Limited impact to individual charging sessions if proper network segmentation and monitoring are in place.

🌐 Internet-Facing: MEDIUM - Requires sending specially crafted messages to vulnerable endpoints, but many EV charging systems have internet-facing interfaces.
🏢 Internal Only: HIGH - Internal attackers or compromised systems could easily exploit this to disrupt charging operations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending malformed messages to vulnerable endpoints but does not require authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2025.10.0

Vendor Advisory: https://github.com/EVerest/everest-core/security/advisories/GHSA-ph4w-r9q8-vm9h

Restart Required: Yes

Instructions:

1. Update EVerest to version 2025.10.0 or later.
2. Restart all EVerest modules and processes.
3. Verify the update was successful.

🔧 Temporary Workarounds

Network filtering

all

Block or filter DC_ChargeLoopRes messages containing Receipt with TaxCosts at the network perimeter.

Process monitoring and auto-restart

linux

Implement monitoring to detect EVerest process termination and automatically restart services.

systemctl enable everest-monitor
systemctl start everest-monitor

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate EV charging systems from untrusted networks
  • Deploy intrusion detection systems to monitor for malformed charging protocol messages

🔍 How to Verify

Check if Vulnerable:

Check the EVerest version: if it is earlier than 2025.10.0, the system is vulnerable.

Check Version:

everest --version, or check the package manager: apt list --installed | grep everest

Verify Fix Applied:

Confirm version is 2025.10.0 or later and test with valid DC_ChargeLoopRes messages
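
The version check above is easy to get wrong with a plain string comparison, because "2025.9.0" sorts after "2025.10.0" lexically. The following is an added example, not code from the EVerest project: the function names are hypothetical, and it assumes versions follow the three-field numeric form of the patch version (2025.10.0), optionally prefixed with "v".

```shell
#!/bin/sh
# Added example: classify an EVerest version string against the fixed release.
FIXED_VERSION="2025.10.0"   # patch version stated in the advisory

# Print the version if it is exactly N.N.N (optional leading "v" removed).
# Anything else, such as "2025.10.0-rc1" or an empty string, prints nothing,
# so the caller reports "unknown" instead of guessing.
normalize_version() {
    printf '%s\n' "$1" |
        sed -n 's/^v\{0,1\}\([0-9]\{1,\}\.[0-9]\{1,\}\.[0-9]\{1,\}\)$/\1/p'
}

# Return 0 if $1 is strictly older than $2, comparing each field as a number.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1   # equal versions are not older
    }'
}

# Print "vulnerable", "patched" or "unknown" for the given version string.
everest_status() {
    v=$(normalize_version "$1")
    if [ -z "$v" ]; then
        echo unknown
    elif version_lt "$v" "$FIXED_VERSION"; then
        echo vulnerable
    else
        echo patched
    fi
}

# Stand-alone use: pass the version reported by the installation as $1.
if [ "$#" -gt 0 ]; then
    everest_status "$1"
fi
```

Treat an "unknown" result as a prompt to inspect the installation manually rather than as evidence that the fix is present.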

📡 Detection & Monitoring

Log Indicators:

  • EVerest process termination logs
  • Segmentation fault or null pointer errors in system logs
  • Unexpected service restarts

Network Indicators:

  • Unusual volume of DC_ChargeLoopRes messages
  • Messages with malformed Receipt/TaxCosts structures

SIEM Query:

source="everest.log" AND ("segmentation fault" OR "null pointer" OR "process terminated")
