Everest Core
by Everest
CVEs (31)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-24003 | | | 0.00 | — | 0.00 | | Jan 26, 2026 | EVerest is an EV charging software stack. In versions up to and including 2025.12.1, it is possible to bypass the sequence state verification including authentication, and send requests that transition to forbidden states relative to the current one, thereby updating the current… |
| CVE-2025-68141 | | | 0.00 | — | 0.00 | | Jan 21, 2026 | EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a `DC_ChargeLoopRes` message that includes Receipt as well as TaxCosts, the vector `tax_costs` in the target `Receipt` structure is accessed out of bounds. This… |
| CVE-2025-68140 | | | 0.00 | — | 0.00 | | Jan 21, 2026 | EVerest is an EV charging software stack. Prior to version 2025.9.0, once the validity of the received V2G message has been verified, it is checked whether the submitted session ID matches the registered one. However, if no session has been registered, the default value is 0.… |
| CVE-2025-68139 | | | 0.00 | — | 0.00 | | Jan 21, 2026 | EVerest is an EV charging software stack. In all versions up to and including 2025.12.1, the default value for `terminate_connection_on_failed_response` is `False`, which leaves the responsibility for session and connection termination to the EV. In this configuration, any… |
| CVE-2026-23955 | | | 0.00 | — | 0.00 | | Jan 21, 2026 | EVerest is an EV charging software stack. Prior to version 2025.9.0, in several places, integer values are concatenated to literal strings when throwing errors. This results in pointer arithmetic instead of printing the integer value as expected, like most of interpreted… |
| CVE-2025-68137 | | | 0.00 | — | 0.00 | | Jan 21, 2026 | EVerest is an EV charging software stack. Prior to version 2025.10.0, an integer overflow occurring in `SdpPacket::parse_header()` allows the current buffer length to be set to 7 after a complete header of size 8 has been read. The remaining length to read is computed using the… |
| CVE-2025-68136 | | | 0.00 | — | 0.00 | | Jan 21, 2026 | EVerest is an EV charging software stack. Prior to version 2025.10.0, once the module receives an SDP request, it creates a whole new set of objects like `Session`, `IConnection` which open a new TCP socket for the ISO15118-20 communications and registers callbacks for the created… |
| CVE-2025-68135 | | | 0.00 | — | 0.00 | | Jan 21, 2026 | EVerest is an EV charging software stack. Prior to version 2025.10.0, C++ exceptions are not properly handled for and by the `TbdController` loop, leading its caller and itself to silently terminate. Thus, this leads to a denial of service as it is responsible for SDP and… |
| CVE-2025-68134 | | | 0.00 | — | 0.00 | | Jan 21, 2026 | EVerest is an EV charging software stack. Prior to version 2025.10.0, the use of the `assert` function to handle errors frequently causes the module to crash. This is particularly critical because the manager shuts down all other modules and exits when any one of them… |
| CVE-2025-68132 | | | 0.00 | — | 0.00 | | Jan 21, 2026 | EVerest is an EV charging software stack. Prior to version 2025.12.0, `is_message_crc_correct` in the DZG_GSH01 powermeter SLIP parser reads `vec[vec.size()-1]` and `vec[vec.size()-2]` without checking that at least two bytes are present. Malformed SLIP frames on the serial link… |
| CVE-2025-68133 | | | 0.00 | — | 0.00 | | Jan 21, 2026 | EVerest is an EV charging software stack. In versions 2025.9.0 and below, an attacker can exhaust the operating system's memory and cause the module to terminate by initiating an unlimited number of TCP connections that never proceed to ISO 15118-2 communication. This is… |