Cyber Resilience

CVE-2025-68133

High · Public PoC

Published: 21 January 2026

Modified: 06 February 2026
KEV Added: (not listed)
Patch: (see Deeper analysis)
CVSS Score (v3.1): 7.4 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
EPSS Score: 0.0003 (10.4th percentile)
Risk Priority: 15 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-68133 is a high-severity Allocation of Resources Without Limits or Throttling (CWE-770) vulnerability in Linuxfoundation Everest. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 10.4th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-10 (Concurrent Session Control) and SC-5 (Denial-of-service Protection).

Deeper analysis

CVE-2025-68133 is a denial-of-service vulnerability in EVerest, an open-source EV charging software stack. In versions 2025.9.0 and below, an attacker can exhaust the host operating system's memory and terminate EVerest modules by opening an unlimited number of plain TCP or TLS socket connections that never advance to ISO 15118-2 communication. The root cause is that a new thread is spawned for each incoming connection before any verification takes place, and the verification that does exist is overly permissive, so nothing bounds the resources an unverified peer can consume. The issue is mapped to CWE-770 (Allocation of Resources Without Limits or Throttling) and carries a CVSS base score of 7.4 (AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).

An adjacent-network attacker (AV:A) with no privileges or user interaction required can exploit this by rapidly initiating TCP or TLS connections to the vulnerable EVerest instance. Successful exploitation causes all EVerest processes and modules to shut down, completely disrupting EVSE (Electric Vehicle Supply Equipment) functionality and rendering charging stations inoperable.

The EVerest project addressed this in version 2025.10.0, as detailed in the GitHub security advisory (GHSA-mv3w-pp85-5h7c) and related commits (8127b8c54b296c4dd01b356ac26763f81f76a8fd and de504f0c11069010d26767b0952739e9a400cef3), which implement proper connection limits and verification prior to thread creation. Security practitioners should upgrade to 2025.10.0 or later and monitor for unusual connection volumes on EVSE deployments.

EU & UK References

Vulnerability details

EVerest is an EV charging software stack. In versions 2025.9.0 and below, an attacker can exhaust the operating system's memory and cause the module to terminate by initiating an unlimited number of TCP connections that never proceed to ISO 15118-2 communication. This is possible because a new thread is started for each incoming plain TCP or TLS socket connection before any verification occurs, and the verification performed is too permissive. The EVerest processes and all its modules shut down, affecting all EVSE functionality. This issue is fixed in version 2025.10.0.

CWE(s)

CWE-770 Allocation of Resources Without Limits or Throttling

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1499.004 Application or System Exploitation (Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The vulnerability allows direct exhaustion of application and host OS resources (unlimited unauthenticated connections, each spawning a thread), matching T1499.004, the software-exploitation sub-technique of Endpoint Denial of Service.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-68136: same product (Linuxfoundation Everest)
CVE-2025-68141: same product (Linuxfoundation Everest)
CVE-2026-27828: same product (Linuxfoundation Everest)
CVE-2025-68134: same product (Linuxfoundation Everest)
CVE-2026-26008: same product (Linuxfoundation Everest)
CVE-2026-33009: same product (Linuxfoundation Everest)
CVE-2026-27816: same product (Linuxfoundation Everest)
CVE-2026-27815: same product (Linuxfoundation Everest)
CVE-2025-68137: same product (Linuxfoundation Everest)
CVE-2026-23995: same product (Linuxfoundation Everest)

Affected Assets

Vendor: linuxfoundation
Product: everest
Versions: ≤ 2025.10.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

[prevent] Directly requires mechanisms to protect against or limit the effects of denial-of-service attacks that exhaust memory via unbounded TCP/TLS connections before ISO 15118-2 verification.

[prevent] Enforces limits on concurrent sessions/connections, preventing the unlimited plain TCP or TLS socket connections that spawn threads and exhaust resources in EVerest.

[prevent] Requires protection of system resources against exhaustion attacks, directly addressing the uncontrolled thread creation and memory consumption prior to any verification.
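The analysis above describes the defect as a thread created per connection before any verification, with no cap and no deadline, and the controls listed here (concurrent-session limits, denial-of-service protection) describe the fix in the abstract. The following is an added example, not code from EVerest or from its advisory, showing what that fix looks like as a listener pattern: an admission gate that bounds accepted-but-unverified connections (globally and per source address) and gives each one a handshake deadline, consulted before any thread exists. The limit values, the `AdmissionGate` class, the `accept_loop_*` and `reap_stale` functions and the addresses in the demo are all constructed for illustration.

```python
import threading
import time

# Hypothetical limits chosen for illustration; not EVerest's own settings.
MAX_PENDING_TOTAL = 64      # accepted-but-unverified connections, all peers
MAX_PENDING_PER_PEER = 4    # accepted-but-unverified connections per source IP
HANDSHAKE_TIMEOUT_S = 5.0   # time a connection gets to complete verification


class AdmissionGate:
    """Budget for connections that were accepted but not yet verified.

    A slot is taken in admit() before any thread exists and returned in
    release() once verification succeeds or the socket is closed; expire()
    reports slots whose deadline passed so the caller can close those sockets.
    """

    def __init__(self, max_total, max_per_peer, timeout_s, clock=time.monotonic):
        self.max_total = max_total
        self.max_per_peer = max_per_peer
        self.timeout_s = timeout_s
        self.clock = clock                 # injectable for deterministic tests
        self._lock = threading.Lock()
        self._pending = {}                 # conn_id -> (peer, deadline)
        self._per_peer = {}                # peer -> number of pending slots

    def admit(self, conn_id, peer):
        """Reserve a slot; False means drop the connection without a thread."""
        with self._lock:
            if len(self._pending) >= self.max_total:
                return False
            if self._per_peer.get(peer, 0) >= self.max_per_peer:
                return False
            self._pending[conn_id] = (peer, self.clock() + self.timeout_s)
            self._per_peer[peer] = self._per_peer.get(peer, 0) + 1
            return True

    def release(self, conn_id):
        """Return the slot after verification succeeded or the socket closed."""
        with self._lock:
            entry = self._pending.pop(conn_id, None)
            if entry is None:
                return False
            peer, _ = entry
            self._per_peer[peer] -= 1
            if self._per_peer[peer] == 0:
                del self._per_peer[peer]
            return True

    def expire(self):
        """Release and return ids of connections still unverified past deadline."""
        now = self.clock()
        with self._lock:
            stale = [cid for cid, (_, dl) in self._pending.items() if dl <= now]
        for cid in stale:
            self.release(cid)
        return stale

    def pending_count(self):
        with self._lock:
            return len(self._pending)


def accept_loop_unbounded(listener, handle):
    """The pattern the advisory describes: a thread per connection with no
    cap and no deadline; any verification happens only inside that thread."""
    while True:
        conn, addr = listener.accept()
        threading.Thread(target=handle, args=(conn, addr), daemon=True).start()


def accept_loop_bounded(listener, handle, gate, sockets):
    """Hardened form: consult the gate before creating a thread and bound
    how long the connection may remain unverified."""
    while True:
        conn, addr = listener.accept()
        conn_id = id(conn)
        if not gate.admit(conn_id, addr[0]):
            conn.close()                   # over budget: refuse cheaply
            continue
        conn.settimeout(gate.timeout_s)    # no read may block past the deadline
        sockets[conn_id] = conn
        threading.Thread(target=handle, args=(conn, addr, conn_id), daemon=True).start()


def reap_stale(gate, sockets):
    """Periodic job: close sockets that never finished verification in time."""
    for cid in gate.expire():
        sock = sockets.pop(cid, None)
        if sock is not None:
            sock.close()


if __name__ == "__main__":
    # Constructed demo driven by a fake clock instead of live sockets.
    now = [0.0]
    gate = AdmissionGate(3, 2, HANDSHAKE_TIMEOUT_S, clock=lambda: now[0])
    print([gate.admit(f"c{i}", "192.0.2.10") for i in range(3)])  # [True, True, False]
    now[0] += HANDSHAKE_TIMEOUT_S
    print(gate.expire())  # ['c0', 'c1']
```

The handler passed to `accept_loop_bounded` is expected to call `gate.release(conn_id)` as soon as the ISO 15118-2 (or TLS) handshake has been verified, so a verified session no longer counts against the pending budget, and `reap_stale` is meant to run on a timer. The per-peer cap is what makes a single adjacent-network host unable to consume the whole budget, while the global cap protects memory regardless of how many source addresses are involved.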

References