CVE-2025-68137

low-risk

Published 2026-01-21

EVerest is an EV charging software stack. Prior to version 2025.10.0, an integer overflow occurring in `SdpPacket::parse_header()` allows the current buffer length to be set to 7 after a complete header of size 8 has been read. The remaining length to read is computed using the current length subtracted by the header length which results in a negative value. This value is then interpreted as `SIZE_MAX` (or slightly less) because the expected type of the argument is `size_t`. Depending on whether the server is plain TCP or TLS, this leads to either an infinite loop or a stack buffer overflow. Version 2025.10.0 fixes the issue.

Do I need to act?

0.03% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.3/10 High

ADJACENT_NETWORK / HIGH complexity

Affected Products (1)

Everest

Affected Vendors

Linuxfoundation

References (1)

Exploit https://github.com/EVerest/everest-core/security/advisories/GHSA-7qq4-q9r8-wc7w

/ 100

low-risk

Severity 22/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal