CVE-2025-68137
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-21

Last updated on: 2026-02-06

Assigner: GitHub, Inc.

Description
EVerest is an EV charging software stack. Prior to version 2025.10.0, an integer overflow occurring in `SdpPacket::parse_header()` allows the current buffer length to be set to 7 after a complete header of size 8 has been read. The remaining length to read is computed using the current length subtracted by the header length which results in a negative value. This value is then interpreted as `SIZE_MAX` (or slightly less) because the expected type of the argument is `size_t`. Depending on whether the server is plain TCP or TLS, this leads to either an infinite loop or a stack buffer overflow. Version 2025.10.0 fixes the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-21
Last Modified
2026-02-06
Generated
2026-06-16
AI Q&A
2026-01-21
EPSS Evaluated
2026-06-15
NVD
CVE-2025-68137
EUVD
EUVD-2025-206317
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linuxfoundation everest to 2025.10.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-835 The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-68137 is a high-severity vulnerability in the EVerest EV charging software stack caused by an integer overflow in the SdpPacket::parse_header() function. When parsing a header, an integer overflow causes the computed buffer length to be incorrectly set between 0 and 7 instead of a larger correct size. This leads to a negative remaining length value that is interpreted as a very large unsigned number (SIZE_MAX). Depending on the connection type, this causes either an infinite loop (plain TCP) or a stack buffer overflow (TLS). The overflow can overwrite critical memory areas, potentially allowing arbitrary code execution. The issue is fixed in version 2025.10.0. [1]

Impact Analysis

This vulnerability can cause denial of service through infinite loops on plain TCP connections or stack buffer overflows on TLS connections. The buffer overflow can corrupt memory, including critical variables, potentially allowing attackers to execute arbitrary code. This can compromise the confidentiality, integrity, and availability of the affected system. [1]

Detection Guidance

This vulnerability can be detected by monitoring for abnormal behavior such as infinite loops or crashes in the EVerest EV charging software prior to version 2025.10.0. Specifically, detection can involve sending malformed SDP requests that trigger the integer overflow in the SdpPacket::parse_header() function. A proof-of-concept Python script exists that sends such malformed SDP requests and TLS payloads to trigger the overflow, which can be used as a detection tool. Additionally, monitoring for repeated failed read() system calls or unusual SSL_read_ex() behavior may indicate exploitation attempts. However, no specific commands are provided in the resources. [1]

Mitigation Strategies

The immediate mitigation step is to upgrade the EVerest software to version 2025.10.0 or later, where the integer overflow issue in SdpPacket::parse_header() has been fixed. Until the upgrade can be applied, consider restricting access to the vulnerable service to trusted networks only, and monitor for suspicious activity such as infinite loops or crashes. Applying network-level protections to block malformed SDP packets may also help reduce risk. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68137. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart