CVE-2025-68137

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-68137

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68137.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-68137

Aliases

GHSA-7qq4-q9r8-wc7w

Published

2026-01-21T19:20:09.059Z

Modified

2026-01-22T02:56:26.549341Z

Severity

8.3 (High) CVSS_V3 - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

EVerest's Integer Overflow and Signed to Unsigned conversion lead to either stack buffer overflow or infinite loop

Details

EVerest is an EV charging software stack. Prior to version 2025.10.0, an integer overflow occurring in SdpPacket::parse_header() allows the current buffer length to be set to 7 after a complete header of size 8 has been read. The remaining length to read is computed using the current length subtracted by the header length which results in a negative value. This value is then interpreted as SIZE_MAX (or slightly less) because the expected type of the argument is size_t. Depending on whether the server is plain TCP or TLS, this leads to either an infinite loop or a stack buffer overflow. Version 2025.10.0 fixes the issue.

Database specific

{
    "cwe_ids": [
        "CWE-120",
        "CWE-835"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68137.json"
}

References

Affected packages

Git / github.com/everest/everest-core

Affected ranges

Type

GIT

Repo

https://github.com/everest/everest-core

Events

Introduced

Fixed

c86cd9c0ada60b5797f574fd484eae4d8330017d

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2025.10.0"
        }
    ]
}

Affected versions

2022.*

2022.12.0

2022.12.1

2023.*

2023.1.0

2023.10.0

2023.12.0

2023.2.0

2023.2.1

2023.3.0

2023.5.0

2023.6.0

2023.7.0

2023.8.0

2023.9.0

2023.9.1

2024.*

2024.1.0

2024.10.0

2024.11.0

2024.2.0

2024.3.0-rc1

2024.4.0

2024.5.0

2024.6.0-rc1

2024.6.0-rc2

2024.7.0

2024.7.1

2024.8.0

2024.9.0-rc1

2025.*

2025.1.0-rc1

2025.1.0-rc2

2025.2.0

2025.3.0

2025.4.0-rc1

2025.5.0

2025.6.0

2025.7.0

2025.7.0-rc1

2025.8.0

2025.9.0

Database specific

vanir_signatures

[
    {
        "deprecated": false,
        "source": "https://github.com/everest/everest-core/commit/c86cd9c0ada60b5797f574fd484eae4d8330017d",
        "id": "CVE-2025-68137-aed155c7",
        "target": {
            "file": "modules/EVSE/Auth/tests/auth_tests.cpp"
        },
        "digest": {
            "line_hashes": [
                "243003712789178062503146303338281965718",
                "28960150712886505085483741986671241515",
                "168243888782963850779708053776925040017",
                "301503089711335497483477796302426921625",
                "266559291961740525977226234582463159260",
                "14112705696940663726721188972121718934",
                "229722161894950827463204315700879441599",
                "171855750029820596888200642603912303410",
                "1847160579080647096042318630878208024"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "source": "https://github.com/everest/everest-core/commit/c86cd9c0ada60b5797f574fd484eae4d8330017d",
        "id": "CVE-2025-68137-e210278c",
        "target": {
            "file": "modules/EVSE/Auth/tests/auth_tests.cpp",
            "function": "TEST_F"
        },
        "digest": {
            "function_hash": "274524476206042087287404301418060636027",
            "length": 1807.0
        },
        "signature_type": "Function",
        "signature_version": "v1"
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68137.json"