CVE-2025-68137HIGH 8.3EPSS p16.2%

CVE-2025-68137CVE-2025-68137

Description

EVerest is an EV charging software stack. Prior to version 2025.10.0, an integer overflow occurring in `SdpPacket::parse_header()` allows the current buffer length to be set to 7 after a complete header of size 8 has been read. The remaining length to read is computed using the current length subtracted by the header length which results in a negative value. This value is then interpreted as `SIZE_MAX` (or slightly less) because the expected type of the argument is `size_t`. Depending on whether the server is plain TCP or TLS, this leads to either an infinite loop or a stack buffer overflow. Version 2025.10.0 fixes the issue.

Scoring

CVSS 3.18.3 (HIGH)
VectorCVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS0.25% probability of exploitation · percentile 16.2% · 2026-06-19T12:03:05Z
Published2026-01-21
Last modified2026-02-06

Underlying weaknesses· 2

CWE-120CWE-835

References

  1. https://github.com/EVerest/everest-core/security/advisories/GHSA-7qq4-q9r8-wc7w

2

TypeTargetConfidenceTier
WeaknessBuffer Copy without Checking Size of Input ('Classic Buffer Overflow')cwe-1200%live
WeaknessLoop with Unreachable Exit Condition ('Infinite Loop')cwe-8350%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-22790
CVE
CVE-2026-27815
CVE
CVE-2026-27816
CVE
CVE-2026-49759
CVE
CVE-2026-25532
CVE
CVE-2026-37537
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.