CVE-2025-68133
BaseFortify
Publication date: 2026-01-21
Last updated on: 2026-02-06
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linuxfoundation | everest | up to 2025.10.0 (excluding) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-68133 is a denial-of-service (DoS) vulnerability in the EvseV2G module of the EVerest EV charging software stack. In versions 2025.9.0 and below, the module starts a new thread for each incoming TCP or TLS connection before verifying it properly. Because the verification is too permissive and no limit is imposed on the number of concurrent connections, an attacker can open an unlimited number of TCP or TLS connections that never proceed to ISO 15118-2 communication. This exhausts the operating system's memory, causing the EVerest process and all of its modules to shut down and disrupting EVSE functionality. The issue is fixed in version 2025.10.0. [1]
How can this vulnerability impact me?
This vulnerability can cause a denial-of-service condition by exhausting the operating system's memory through an unlimited number of TCP or TLS connections. As a result, the EVerest process and all of its modules terminate, shutting down Electric Vehicle Supply Equipment (EVSE) operations. This disruption affects the availability of EV charging services, potentially causing downtime and service interruptions. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for an unusually high number of simultaneous TCP or TLS connections to the EVerest EvseV2G module that do not proceed to ISO 15118-2 communication. A proof-of-concept used millions of TLS connections opened with `openssl s_client` to trigger the issue. To detect potential exploitation, use network monitoring tools or commands such as `netstat -an | grep <EVerest_port>` or `ss -s` to observe the number of TCP/TLS connections. Additionally, checking system logs for OpenSSL accept failures or Linux Out-Of-Memory (OOM) killer events related to the EVerest process can indicate that the vulnerability is being triggered. [1]
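The following POSIX shell script is an added example (not from the BaseFortify page or the EVerest project) that turns the two detection hints above into repeatable checks: it counts non-listening TCP sockets on a given local port from `ss -tan` output and flags a count above a threshold, and it counts kernel OOM-killer lines that name a given process. The port number 64109, the process name `everest`, and the sample socket and log lines are constructed for illustration; substitute the port the EvseV2G module actually listens on and the real process name.

```shell
#!/bin/sh
# Added example; not part of the original page or of the EVerest project.
# Port 64109, process name "everest" and the sample lines are constructed.

# Usage: count_port_connections PORT < ss_output
# Prints the number of sockets (any state except LISTEN) whose local
# address ends in :PORT. Works for IPv4 and bracketed IPv6 addresses
# because only the text after the last ':' is compared.
count_port_connections() {
    port="$1"
    awk -v port="$port" '
        NR > 1 && $1 != "LISTEN" {
            n = split($4, a, ":")
            if (a[n] == port) count++
        }
        END { print count + 0 }
    '
}

# Usage: check_connection_flood PORT THRESHOLD < ss_output
# Returns 0 when the count is below THRESHOLD, 1 when at or above it.
check_connection_flood() {
    count=$(count_port_connections "$1")
    if [ "$count" -ge "$2" ]; then
        echo "ALERT: $count connections on port $1 (threshold $2)"
        return 1
    fi
    echo "OK: $count connections on port $1"
    return 0
}

# Usage: count_oom_kills PROCESS_NAME < kernel_log
# Prints how many OOM-killer events killed a process with that name.
# Matches both the older "Kill process" and newer "Killed process" wording.
count_oom_kills() {
    grep -cE "Out of memory: Kill(ed)? process [0-9]+ \($1\)" || true
}

# Constructed sample resembling `ss -tan` output: one listener, three
# established and one half-open connection on port 64109, one SSH session.
SAMPLE_SS='State    Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN   0      128    0.0.0.0:64109        0.0.0.0:*
ESTAB    0      0      192.0.2.10:64109     198.51.100.7:50001
ESTAB    0      0      192.0.2.10:64109     198.51.100.7:50002
ESTAB    0      0      192.0.2.10:64109     198.51.100.7:50003
SYN-RECV 0      0      192.0.2.10:64109     198.51.100.7:50004
ESTAB    0      0      192.0.2.10:22        203.0.113.5:40001'

# Constructed sample resembling `dmesg` output with one OOM kill.
SAMPLE_DMESG='[1234.5] sshd[800]: Accepted publickey for admin
[2345.6] Out of memory: Killed process 4321 (everest) total-vm:812345kB
[2345.7] oom_reaper: reaped process 4321 (everest)'

# Live use (not run here): ss -tan | check_connection_flood 64109 50
#                          dmesg   | count_oom_kills everest
printf '%s\n' "$SAMPLE_SS"    | check_connection_flood 64109 3
printf '%s\n' "$SAMPLE_DMESG" | count_oom_kills everest
```

The threshold is deliberately a parameter: a legitimate EVSE serves one vehicle per connector, so a sustained count well above the number of connectors on the affected port is a strong signal, and the OOM count rising from zero confirms that the exhaustion described above has already begun.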
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation is to upgrade the EVerest EvseV2G module to version 2025.10.0 or later, where the vulnerability is fixed. The patch introduces a boolean flag, `connection_initiated`, so that only one connection is accepted and processed at a time; additional incoming connections are rejected while one is active. Until the upgrade can be applied, consider network-level protections such as limiting the number of simultaneous TCP/TLS connections to the affected service, or firewall rules that restrict access from untrusted sources, to reduce the risk of resource exhaustion. [1, 3]