CVE-2025-68141
Published: 21 January 2026
Summary
CVE-2025-68141 is a high-severity NULL Pointer Dereference (CWE-476) vulnerability in Linux Foundation EVerest. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 20.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog. A public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SC-24 (Fail in Known State).
Deeper analysis
CVE-2025-68141 is a null pointer dereference vulnerability (CWE-476) in the EVerest EV charging software stack, affecting versions prior to 2025.10.0. The issue arises during deserialization of a `DC_ChargeLoopRes` message containing Receipt and TaxCosts data, where the `vector<DetailedTax> tax_costs` in the target `Receipt` structure is accessed out of bounds. This occurs specifically in the templated convert method `template <> void convert(const struct iso20_dc_DetailedTaxType& in, datatypes::DetailedTax& out)`, leading to module termination. The vulnerability has a CVSS v3.1 base score of 7.4 (AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
An attacker on an adjacent network, with no privileges and no user interaction required, can exploit this by sending a specially crafted `DC_ChargeLoopRes` message. Successful exploitation triggers a null pointer dereference that crashes the affected EVerest module, which in turn shuts down all EVerest processes and modules. The result is a high-impact denial of service that renders all connected Electric Vehicle Supply Equipment (EVSE) inoperable.
The GitHub Security Advisory at https://github.com/EVerest/everest-core/security/advisories/GHSA-ph4w-r9q8-vm9h details the issue and confirms that upgrading to version 2025.10.0 resolves the vulnerability by addressing the out-of-bounds access in the deserialization logic.
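The bug class described above (a target vector indexed before it has been sized, driven by a length field taken from the decoded message) is shown here next to a bounds-checked conversion. This is an added example, not EVerest code and not the 2025.10.0 fix; `WireReceipt`, `WireDetailedTax`, `MAX_TAX_COSTS`, `convert_receipt` and the field names are hypothetical stand-ins, and the sample values in `main` are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical stand-ins for a decoder's fixed-capacity C structs (not EVerest's real types).
constexpr std::size_t MAX_TAX_COSTS = 10;
struct WireDetailedTax { uint32_t tax_rule_id; int32_t amount; };
struct WireReceipt {
    struct { WireDetailedTax array[MAX_TAX_COSTS]; uint16_t arrayLen; } TaxCosts;
};

// Hypothetical application-side types holding the converted data.
struct DetailedTax { uint32_t tax_rule_id = 0; int32_t amount = 0; };
struct Receipt { std::vector<DetailedTax> tax_costs; };

// Per-element conversion; it trusts that `out` refers to a live element.
void convert(const WireDetailedTax& in, DetailedTax& out) {
    out.tax_rule_id = in.tax_rule_id;
    out.amount = in.amount;
}

// Unsafe pattern, kept as a comment so this file has no undefined behaviour:
//   for (i = 0; i < in.TaxCosts.arrayLen; ++i)
//       convert(in.TaxCosts.array[i], out.tax_costs[i]);   // tax_costs is still empty
// operator[] on an empty vector does no bounds check and may hand back a null-based reference.

// Hardened form: validate the untrusted length, size the target, then write.
// Returns false so the caller can reject the message and keep the module running.
bool convert_receipt(const WireReceipt& in, Receipt& out) {
    const std::size_t n = in.TaxCosts.arrayLen;
    out.tax_costs.clear();
    if (n > MAX_TAX_COSTS) {
        return false;                        // length exceeds the decoded array's capacity
    }
    out.tax_costs.resize(n);                 // elements exist before any write
    for (std::size_t i = 0; i < n; ++i) {
        convert(in.TaxCosts.array[i], out.tax_costs.at(i)); // at() throws instead of UB
    }
    return true;
}

int main() {
    WireReceipt msg{};                       // constructed sample input
    msg.TaxCosts.arrayLen = 2;
    msg.TaxCosts.array[0] = {1, 190};
    msg.TaxCosts.array[1] = {2, 70};
    Receipt receipt;
    return convert_receipt(msg, receipt) && receipt.tax_costs.size() == 2 ? 0 : 1;
}
```

Returning an error to the caller, rather than letting the dereference terminate the process, is what lets a single malformed message be dropped without taking down the other modules.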
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-206315
Vulnerability details
EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a `DC_ChargeLoopRes` message that includes Receipt as well as TaxCosts, the `vector<DetailedTax> tax_costs` in the target `Receipt` structure is accessed out of bounds. This occurs in the method `template <> void convert(const struct iso20_dc_DetailedTaxType& in, datatypes::DetailedTax& out)` which leads to a null pointer dereference and causes the module to terminate. The EVerest processes and all its modules shut down, affecting all EVSE. Version 2025.10.0 fixes the issue.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Null pointer dereference in message deserialization directly enables application/system crash via crafted network message (T1499.004 Application or System Exploitation).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly enforces validation of untrusted DC_ChargeLoopRes message fields (Receipt/TaxCosts) before deserialization to block the out-of-bounds vector access and resulting null dereference.
Requires the convert() routine and EVerest modules to handle malformed DetailedTax input gracefully instead of dereferencing null and terminating all EVSE processes.
Ensures the charging stack fails in a known state that isolates the crash to the affected module rather than shutting down every EVerest process and all connected EVSE.