Description

EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a `DC_ChargeLoopRes` message that includes Receipt as well as TaxCosts, the vector `<DetailedTax>tax_costs` in the target `Receipt` structure is accessed out of bounds. This occurs in the method `template <> void convert(const struct iso20_dc_DetailedTaxType& in, datatypes::DetailedTax& out)` which leads to a null pointer dereference and causes the module to terminate. The EVerest processes and all its modules shut down, affecting all EVSE. Version 2025.10.0 fixes the issue.

INFO

Published Date :

2026-01-21T19:56:14.482Z

Last Modified :

2026-01-22T16:50:38.843Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-68141 vulnerability.

Vendors Products
Everest
  • Everest-core
Linuxfoundation
  • Everest
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-68141.

URL Resource
https://github.com/EVerest/everest-core/security/advisories/GHSA-ph4w-r9q8-vm9h cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact