Vulnerability Description
EVerest is an EV charging software stack. Prior to version 2025.12.0, `is_message_crc_correct` in the DZG_GSH01 powermeter SLIP parser reads `vec[vec.size()-1]` and `vec[vec.size()-2]` without checking that at least two bytes are present. Malformed SLIP frames on the serial link can reach `is_message_crc_correct` with `vec.size() < 2` (only via the multi-message path), causing an out-of-bounds read before CRC verification and `pop_back` underflow. Therefore, an attacker controlling the serial input can reliably crash the process. Version 2025.12.0 fixes the issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linuxfoundation | Everest | < 2025.12.0 |
Related Weaknesses (CWE)
References
- https://github.com/EVerest/everest-core/commit/b8139b95144e3fe0082789b7fafe4e532Patch
- https://github.com/EVerest/everest-core/security/advisories/GHSA-79gc-m8w6-9hx5ExploitMitigationVendor Advisory
FAQ
What is CVE-2025-68132?
CVE-2025-68132 is a vulnerability with a CVSS score of 4.6 (MEDIUM). EVerest is an EV charging software stack. Prior to version 2025.12.0, `is_message_crc_correct` in the DZG_GSH01 powermeter SLIP parser reads `vec[vec.size()-1]` and `vec[vec.size()-2]` without checkin...
How severe is CVE-2025-68132?
CVE-2025-68132 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-68132?
Check the references section above for vendor advisories and patch information. Affected products include: Linuxfoundation Everest.