Description

EVerest is an EV charging software stack. Prior to version 2025.12.0, `is_message_crc_correct` in the DZG_GSH01 powermeter SLIP parser reads `vec[vec.size()-1]` and `vec[vec.size()-2]` without checking that at least two bytes are present. Malformed SLIP frames on the serial link can reach `is_message_crc_correct` with `vec.size() < 2` (only via the multi-message path), causing an out-of-bounds read before CRC verification and `pop_back` underflow. Therefore, an attacker controlling the serial input can reliably crash the process. Version 2025.12.0 fixes the issue.

INFO

Published Date :

2026-01-21T18:28:40.763Z

Last Modified :

2026-01-21T19:06:48.136Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-68132 vulnerability.

Vendors Products
Everest
  • Everest-core
Linuxfoundation
  • Everest
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-68132.

URL Resource
https://github.com/EVerest/everest-core/commit/b8139b95144e3fe0082789b7fafe4e532ee494a1 cve-icon cve-icon
https://github.com/EVerest/everest-core/security/advisories/GHSA-79gc-m8w6-9hx5 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact