Cyber Resilience

CVE-2025-68141

HighPublic PoC

Published: 21 January 2026

Published
21 January 2026
Modified
06 February 2026
KEV Added
Patch
CVSS Score v3.1 7.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS Score 0.0007 20.6th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-68141 is a high-severity NULL Pointer Dereference (CWE-476) vulnerability in Linuxfoundation Everest. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 20.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SC-24 (Fail in Known State).

Deeper analysis

CVE-2025-68141 is a null pointer dereference vulnerability (CWE-476) in the EVerest EV charging software stack, affecting versions prior to 2025.10.0. The issue arises during deserialization of a DC_ChargeLoopRes message containing Receipt and TaxCosts data, where the vector<DetailedTax>tax_costs in the target Receipt structure is accessed out of bounds. This occurs specifically in the templated convert method: template <> void convert(const struct iso20_dc_DetailedTaxType& in, datatypes::DetailedTax& out), leading to module termination. The vulnerability has a CVSS v3.1 base score of 7.4 (AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).

An adjacent network attacker with no privileges or user interaction required can exploit this by sending a specially crafted DC_ChargeLoopRes message. Successful exploitation triggers a null pointer dereference, causing the affected EVerest module to crash, which shuts down all EVerest processes and modules. This results in a high-impact denial of service, rendering all connected Electric Vehicle Supply Equipment (EVSE) inoperable.

The GitHub Security Advisory at https://github.com/EVerest/everest-core/security/advisories/GHSA-ph4w-r9q8-vm9h details the issue and confirms that upgrading to version 2025.10.0 resolves the vulnerability by addressing the out-of-bounds access in the deserialization logic.

EU & UK References

Vulnerability details

EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a `DC_ChargeLoopRes` message that includes Receipt as well as TaxCosts, the vector `<DetailedTax>tax_costs` in the target `Receipt` structure is accessed out of bounds. This occurs…

more

in the method `template <> void convert(const struct iso20_dc_DetailedTaxType& in, datatypes::DetailedTax& out)` which leads to a null pointer dereference and causes the module to terminate. The EVerest processes and all its modules shut down, affecting all EVSE. Version 2025.10.0 fixes the issue.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Null pointer dereference in message deserialization directly enables application/system crash via crafted network message (T1499.004 Application or System Exploitation).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-68136Same product: Linuxfoundation Everest
CVE-2025-68133Same product: Linuxfoundation Everest
CVE-2026-27828Same product: Linuxfoundation Everest
CVE-2025-68134Same product: Linuxfoundation Everest
CVE-2026-26008Same product: Linuxfoundation Everest
CVE-2026-33009Same product: Linuxfoundation Everest
CVE-2026-27816Same product: Linuxfoundation Everest
CVE-2026-27815Same product: Linuxfoundation Everest
CVE-2025-68137Same product: Linuxfoundation Everest
CVE-2026-22593Same product: Linuxfoundation Everest

Affected Assets

linuxfoundation
everest
≤ 2025.10.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces validation of untrusted DC_ChargeLoopRes message fields (Receipt/TaxCosts) before deserialization to block the out-of-bounds vector access and resulting null dereference.

prevent

Requires the convert() routine and EVerest modules to handle malformed DetailedTax input gracefully instead of dereferencing null and terminating all EVSE processes.

prevent

Ensures the charging stack fails in a known state that isolates the crash to the affected module rather than shutting down every EVerest process and all connected EVSE.

References