CVE

CVE-2025-68141

EVerest vulnerable to null pointer dereference during DC_ChargeLoopRes document deserialization

CVE

CVE-2025-68141

EVerest vulnerable to null pointer dereference during DC_ChargeLoopRes document deserialization

EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a DC_ChargeLoopRes message that includes Receipt as well as TaxCosts, the vector <DetailedTax>tax_costs in the target Receipt structure is accessed out of bounds. This occurs in the method template <> void convert(const struct iso20dcDetailedTaxType& in, datatypes::DetailedTax& out) which leads to a null pointer dereference and causes the module to terminate. The EVerest processes and all its modules shut down, affecting all EVSE. Version 2025.10.0 fixes the issue.

Package Versions Affected

No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

7.4

3.1

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

3.1

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Related Resources

No items found.

References

https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68141.json, https://github.com/EVerest/everest-core/security/advisories/GHSA-ph4w-r9q8-vm9h, https://nvd.nist.gov/vuln/detail/CVE-2025-68141

Severity

7.4

CVSS Score

Basic Information

Ecosystem

Base CVSS

7.4

EPSS Probability

0.00053%

EPSS Percentile

0.16339%

Introduced Version

Fix Available

c86cd9c0ada60b5797f574fd484eae4d8330017d

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

CVE-2025-68141

CVE-2025-68141

Package Versions Affected

Automatically patch vulnerabilities without upgrading

CVSS Version

Related Resources

References

Severity

7.4

Basic Information

Fix Critical Vulnerabilities Instantly