CVE-2025-68140
BaseFortify
Publication date: 2026-01-21
Last updated on: 2026-02-06
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linuxfoundation | everest | before 2025.9.0 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-68140 is a vulnerability in the EVerest EV charging software stack before version 2025.9.0. The issue occurs because when no session is registered, the default session ID is set to 0. The system checks if the submitted session ID matches the registered one, but since the default is 0, any message with a session ID of 0 is accepted as valid. This allows an attacker to send unauthorized and anonymous V2G messages via MQTT, bypassing session verification and potentially altering session context without authentication. [1]
How can this vulnerability impact me?
This vulnerability can allow an attacker to send unauthorized and anonymous MQTT messages to the V2G message handlers, bypassing session ID verification. As a result, the attacker can indirectly emit messages and update the session context without proper authentication, potentially compromising the integrity of the session and the EV charging communication process. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring MQTT messages for V2G communications that use a session ID of 0, which should not normally be accepted if a session is registered. You can inspect MQTT traffic for messages with session ID 0 to identify unauthorized or anonymous emissions. For example, using MQTT client tools or network packet capture tools like tcpdump or Wireshark, filter for MQTT messages and check the payload for session ID fields set to 0. Specific commands could include:

1. Using tcpdump to capture MQTT traffic: `tcpdump -i <interface> -w mqtt_traffic.pcap port 1883`
2. Using Wireshark to filter MQTT messages and inspect session ID fields for 0
3. Using MQTT client subscribe commands to monitor topics related to V2G messages and log messages with session ID 0

However, no exact commands are provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the everest-core package to version 2025.9.0 or later, where this vulnerability has been fixed. This update corrects the session ID verification logic to prevent acceptance of messages with a default session ID of 0 when no session is registered. Until the update is applied, monitoring and filtering MQTT messages with session ID 0 may help reduce risk. [1]
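The check pattern from the explanation above and the corrected logic from the mitigation answer, as an added example that is not EVerest source code. All type and function names are hypothetical, the 64-bit integer session ID is an assumption, and the message body is constructed sample data.

```cpp
// Added illustration of the CVE-2025-68140 check pattern; NOT EVerest code.
// Every name below is hypothetical; the sample message is constructed.
#include <cstdint>
#include <iostream>
#include <optional>
#include <string>

struct V2GMessage {
    std::uint64_t session_id;
    std::string body;
};

// Flawed pattern: "no session registered" is encoded as the value 0,
// which is also a value any sender can place in a message.
struct VulnerableHandler {
    std::uint64_t registered_id = 0;  // default when nothing is registered
    std::string context;              // session context updated by accepted messages
    bool handle(const V2GMessage& m) {
        if (m.session_id != registered_id) return false;
        context = m.body;  // reached for session_id == 0 before any registration
        return true;
    }
};

// Hardened pattern: absence of a session is its own state, and the check
// fails closed when there is nothing to compare against.
struct HardenedHandler {
    std::optional<std::uint64_t> registered_id;  // empty until a session exists
    std::string context;
    bool handle(const V2GMessage& m) {
        if (!registered_id.has_value()) return false;
        if (m.session_id != *registered_id) return false;
        context = m.body;
        return true;
    }
};

int main() {
    const V2GMessage anon{0, "constructed-body"};  // constructed sample input
    VulnerableHandler v;
    HardenedHandler h;
    std::cout << std::boolalpha
              << "no session, id 0 -> vulnerable: " << v.handle(anon)
              << ", hardened: " << h.handle(anon) << '\n';
    h.registered_id = 0x1122334455667788ULL;  // constructed session id
    std::cout << "session set, id 0 -> hardened: " << h.handle(anon) << '\n';
    return 0;
}
```
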