Vulnerability Details CVE-2025-68141
EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a `DC_ChargeLoopRes` message that includes Receipt as well as TaxCosts, the vector `<DetailedTax>tax_costs` in the target `Receipt` structure is accessed out of bounds. This occurs in the method `template <> void convert(const struct iso20_dc_DetailedTaxType& in, datatypes::DetailedTax& out)` which leads to a null pointer dereference and causes the module to terminate. The EVerest processes and all its modules shut down, affecting all EVSE. Version 2025.10.0 fixes the issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 6.4%
CVSS Severity
CVSS v3 Score 7.4
Products affected by CVE-2025-68141
-
cpe:2.3:o:linuxfoundation:everest:2022.11.0
-
cpe:2.3:o:linuxfoundation:everest:2022.12.0
-
cpe:2.3:o:linuxfoundation:everest:2022.12.1
-
cpe:2.3:o:linuxfoundation:everest:2023.1.0
-
cpe:2.3:o:linuxfoundation:everest:2023.10.0
-
cpe:2.3:o:linuxfoundation:everest:2023.12.0
-
cpe:2.3:o:linuxfoundation:everest:2023.2.0
-
cpe:2.3:o:linuxfoundation:everest:2023.2.1
-
cpe:2.3:o:linuxfoundation:everest:2023.3.0
-
cpe:2.3:o:linuxfoundation:everest:2023.5.0
-
cpe:2.3:o:linuxfoundation:everest:2023.6.0
-
cpe:2.3:o:linuxfoundation:everest:2023.7.0
-
cpe:2.3:o:linuxfoundation:everest:2023.8.0
-
cpe:2.3:o:linuxfoundation:everest:2023.9.0
-
cpe:2.3:o:linuxfoundation:everest:2023.9.1
-
cpe:2.3:o:linuxfoundation:everest:2024.1.0
-
cpe:2.3:o:linuxfoundation:everest:2024.10.0
-
cpe:2.3:o:linuxfoundation:everest:2024.11.0
-
cpe:2.3:o:linuxfoundation:everest:2024.2.0
-
cpe:2.3:o:linuxfoundation:everest:2024.3.0
-
cpe:2.3:o:linuxfoundation:everest:2024.3.1
-
cpe:2.3:o:linuxfoundation:everest:2024.4.0
-
cpe:2.3:o:linuxfoundation:everest:2024.5.0
-
cpe:2.3:o:linuxfoundation:everest:2024.6.0
-
cpe:2.3:o:linuxfoundation:everest:2024.7.0
-
cpe:2.3:o:linuxfoundation:everest:2024.7.1
-
cpe:2.3:o:linuxfoundation:everest:2024.8.0
-
cpe:2.3:o:linuxfoundation:everest:2024.9.0
-
cpe:2.3:o:linuxfoundation:everest:2024.9.1
-
cpe:2.3:o:linuxfoundation:everest:2024.9.2
-
cpe:2.3:o:linuxfoundation:everest:2025.1.0
-
cpe:2.3:o:linuxfoundation:everest:2025.2.0
-
cpe:2.3:o:linuxfoundation:everest:2025.3.0
-
cpe:2.3:o:linuxfoundation:everest:2025.4.0
-
cpe:2.3:o:linuxfoundation:everest:2025.4.1
-
cpe:2.3:o:linuxfoundation:everest:2025.5.0
-
cpe:2.3:o:linuxfoundation:everest:2025.6.0
-
cpe:2.3:o:linuxfoundation:everest:2025.7.0
-
cpe:2.3:o:linuxfoundation:everest:2025.8.0
-
cpe:2.3:o:linuxfoundation:everest:2025.9.0