CVE-2025-68134

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-68134
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68134.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-68134
Aliases
  • GHSA-cxc5-rrj5-8pf3
Published
2026-01-21T18:32:13.882Z
Modified
2026-03-13T03:42:37.844028Z
Severity
  • 7.4 (High) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H CVSS Calculator
Summary
EVerest's use of assert functions can potentially lead to denial of service
Details

EVerest is an EV charging software stack. Prior to version 2025.10.0, the use of the assert function to handle errors frequently causes the module to crash. This is particularly critical because the manager shuts down all other modules and exits when any one of them terminates, leading to a denial of service. In a context where a manager handles multiple EVSE, this would also impact other users. Version 2025.10.0 fixes the issue.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68134.json",
    "cwe_ids": [
        "CWE-20"
    ],
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/everest/everest-core

Affected ranges

Type
GIT
Repo
https://github.com/everest/everest-core
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
c86cd9c0ada60b5797f574fd484eae4d8330017d
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2025.10.0"
        }
    ]
}

Affected versions

2022.*
2022.12.0
2022.12.1
2023.*
2023.1.0
2023.10.0
2023.12.0
2023.2.0
2023.2.1
2023.3.0
2023.5.0
2023.6.0
2023.7.0
2023.8.0
2023.9.0
2023.9.1
2024.*
2024.1.0
2024.10.0
2024.11.0
2024.2.0
2024.3.0-rc1
2024.4.0
2024.5.0
2024.6.0-rc1
2024.6.0-rc2
2024.7.0
2024.7.1
2024.8.0
2024.9.0-rc1
2025.*
2025.1.0-rc1
2025.1.0-rc2
2025.2.0
2025.3.0
2025.4.0-rc1
2025.5.0
2025.6.0
2025.7.0
2025.7.0-rc1
2025.8.0
2025.9.0

Database specific

vanir_signatures 
[
    {
        "target": {
            "file": "modules/EVSE/Auth/tests/auth_tests.cpp"
        },
        "id": "CVE-2025-68134-aed155c7",
        "digest": {
            "line_hashes": [
                "243003712789178062503146303338281965718",
                "28960150712886505085483741986671241515",
                "168243888782963850779708053776925040017",
                "301503089711335497483477796302426921625",
                "266559291961740525977226234582463159260",
                "14112705696940663726721188972121718934",
                "229722161894950827463204315700879441599",
                "171855750029820596888200642603912303410",
                "1847160579080647096042318630878208024"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/everest/everest-core/commit/c86cd9c0ada60b5797f574fd484eae4d8330017d",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line"
    },
    {
        "target": {
            "function": "TEST_F",
            "file": "modules/EVSE/Auth/tests/auth_tests.cpp"
        },
        "id": "CVE-2025-68134-e210278c",
        "digest": {
            "function_hash": "274524476206042087287404301418060636027",
            "length": 1807.0
        },
        "source": "https://github.com/everest/everest-core/commit/c86cd9c0ada60b5797f574fd484eae4d8330017d",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function"
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68134.json"