CVE-2025-68134
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-21

Last updated on: 2026-02-06

Assigner: GitHub, Inc.

Description
EVerest is an EV charging software stack. Prior to version 2025.10.0, the use of the `assert` function to handle errors frequently causes the module to crash. This is particularly critical because the manager shuts down all other modules and exits when any one of them terminates, leading to a denial of service. In a context where a manager handles multiple EVSE, this would also impact other users. Version 2025.10.0 fixes the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-21
Last Modified
2026-02-06
Generated
2026-06-16
AI Q&A
2026-01-21
EPSS Evaluated
2026-06-15
NVD
CVE-2025-68134
EUVD
EUVD-2025-206324
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linuxfoundation everest to 2025.10.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the EVerest EV charging software occurs because the code uses the C++ assert function improperly in production. Specifically, in the deserialization of ChargeLoop request messages, if an unexpected control mode is encountered, the code triggers assert(false), causing the module to crash. When any module crashes, the EVerest manager shuts down all other modules and exits, leading to a denial of service. This improper error handling causes the entire system managing multiple EV charging units to become unavailable. [1]

Mitigation Strategies

The immediate mitigation step is to upgrade the EVerest EVSE15118D20 package to version 2025.10.0 or later, where the vulnerability is fixed by replacing the use of `assert` with proper error handling. Until the upgrade can be applied, consider isolating the affected system from adjacent networks to reduce the risk of exploitation, and monitor the system for crashes to respond quickly. Avoid running vulnerable versions in production environments to prevent denial of service. [1]

Impact Analysis

The vulnerability can cause a denial of service (DoS) in environments where the EVerest manager controls multiple Electric Vehicle Supply Equipment (EVSE) units. If one module crashes due to this vulnerability, the manager shuts down all other modules and exits, disrupting service for all users relying on those EVSE units. This results in high availability impact, meaning charging services can be unexpectedly interrupted without any user interaction or privileges required by an attacker. [1]

Detection Guidance

Detection of this vulnerability involves identifying if your system is running a vulnerable version of the EVerest EVSE15118D20 package prior to 2025.10.0. Additionally, monitoring for crashes or unexpected shutdowns of the EVerest manager module can indicate exploitation. Since the issue causes the module to crash due to assertion failures, checking logs for assertion failure messages related to 'libiso15118/src/iso15118/message/dc_charge_loop.cpp' at or near line 97 can help detect the problem. Commands to check the installed version might include: `dpkg -l | grep everest` (on Debian-based systems) or `rpm -qa | grep everest` (on RPM-based systems). To monitor logs, commands like `journalctl -u everest-manager.service` or `grep assert /var/log/everest.log` may be useful depending on your logging setup. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68134. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart