
CVE-2025-59399: CWE-460 Improper Cleanup on Thrown Exception in EVerest libocpp

Severity: Low
Tags: Vulnerability, CVE-2025-59399, CVE, CWE-460
Published: Mon Sep 15 2025 (09/15/2025, 00:00:00 UTC)
Source: CVE Database V5
Vendor/Project: EVerest
Product: libocpp

Description

libocpp before 0.28.0 allows a denial of service (EVerest crash) because a secondary exception is thrown during error message generation.

AI-Powered Analysis

Last updated: 09/15/2025, 18:39:47 UTC

Technical Analysis

CVE-2025-59399 affects libocpp, the EVerest project's C++ implementation of the Open Charge Point Protocol (OCPP) used between electric vehicle charging stations and their backends, in versions before 0.28.0. It is classified as CWE-460 (Improper Cleanup on Thrown Exception). When libocpp hits an error and starts building the corresponding error message, the message generation can itself throw a second exception. That secondary exception is not handled: it propagates out of the error handler, and once it crosses a noexcept function, a destructor running during stack unwinding, a std::thread entry point, or simply reaches the top of the stack uncaught, C++ calls std::terminate() and the whole EVerest process aborts. The result is a denial of service; availability is affected, confidentiality and integrity are not.

The CVSS v3.1 base score is 3.1 (Low). The attack vector is adjacent network (AV:A), attack complexity is high (AC:H), and no privileges (PR:N) or user interaction (UI:N) are required. With no confidentiality or integrity impact and a low availability impact, that corresponds to the vector CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L. In practice an attacker needs a position on the same network segment as the station's OCPP traffic and must be able to provoke the specific error path whose message generation fails, which is what makes exploitation complex. No exploits are known in the wild and the entry links no patch commit, but the affected range "before 0.28.0" indicates that 0.28.0 contains the fix.
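The failure pattern described above, as an added example in C++ (the language libocpp is written in). This is not libocpp's code and does not reproduce the actual code path behind the CVE: the Payload type, validate_payload(), describe_error() and the sample payloads are all hypothetical, constructed so that the error message for a missing field needs the very field that is missing. handle_naive() shows the CWE-460 shape, handle_safe() the corrected one.

```cpp
#include <iostream>
#include <map>
#include <stdexcept>
#include <string>

// Hypothetical request payload: a small key/value map standing in for a
// decoded OCPP message. Constructed for this example; not a libocpp type.
using Payload = std::map<std::string, std::string>;

// Hypothetical validation step. Throws the *primary* exception.
void validate_payload(const Payload& p) {
    if (p.count("messageId") == 0) throw std::invalid_argument("messageId missing");
    if (p.count("action") == 0)    throw std::invalid_argument("action missing");
}

// Hypothetical error-message builder. It looks up messageId with at(), which
// throws std::out_of_range when the key is absent. That lookup is the
// *secondary* exception: the message about a missing messageId needs the
// field that is missing.
std::string describe_error(const Payload& p, const std::exception& e) {
    return "request " + p.at("messageId") + " rejected: " + e.what();
}

// Vulnerable pattern (CWE-460): the catch handler calls describe_error()
// unguarded. If describe_error() throws, the new exception leaves the handler
// with the original error only half reported. Once it reaches a noexcept
// function, a destructor running during unwinding or a std::thread entry
// point, C++ calls std::terminate() and the process aborts.
std::string handle_naive(const Payload& p) {
    try {
        validate_payload(p);
        return "accepted";
    } catch (const std::exception& e) {
        return describe_error(p, e);   // may throw a second time
    }
}

// Hardened pattern: message generation runs inside its own try/catch with a
// fallback that only uses data already known to be safe (e.what()), so the
// handler always returns and never throws.
std::string handle_safe(const Payload& p) {
    try {
        validate_payload(p);
        return "accepted";
    } catch (const std::exception& e) {
        std::string msg;
        try {
            msg = describe_error(p, e);
        } catch (...) {
            msg = std::string("request rejected: ") + e.what()
                + " (details unavailable: message generation failed)";
        }
        return msg;
    }
}

// Reports whether handle_naive() lets the secondary exception escape for p.
// Catching it here is what lets this example run to completion; a real
// caller without such a catch would crash the process.
bool naive_leaks_secondary_exception(const Payload& p) {
    try {
        handle_naive(p);
        return false;
    } catch (const std::out_of_range&) {
        return true;
    }
}

// Constructed sample payloads.
Payload sample_complete()       { return {{"messageId", "42"}, {"action", "Heartbeat"}}; }
Payload sample_missing_action() { return {{"messageId", "42"}}; }
Payload sample_empty()          { return {}; }

int main() {
    std::cout << handle_safe(sample_complete()) << '\n';
    std::cout << handle_safe(sample_missing_action()) << '\n';
    std::cout << handle_safe(sample_empty()) << '\n';
    std::cout << std::boolalpha
              << naive_leaks_secondary_exception(sample_empty()) << '\n';
    return 0;
}
```

The point to take from the hardened version is that the fallback message must be built only from values that cannot throw; reaching back into the same data that just failed validation reintroduces the problem.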

Potential Impact

For European organizations the exposure is the availability of EVerest-based charging stations and controllers. EVerest is an open-source charging station software stack and libocpp is its OCPP component, so a crash of the process takes the station's backend communication down until the process is restarted. Given the EU's push for EV adoption and charging infrastructure, an outage across a fleet of stations means failed charging sessions, lost revenue and reputational damage for the charge point operator. The vulnerability does not expose data or give an attacker control of the station, and the adjacent-network vector with high attack complexity keeps the likelihood of large-scale exploitation low: the attacker must already be on the station's network segment and must be able to trigger the specific failing error path. Charge point operators and their infrastructure suppliers should still plan for it, since a single station that can be crashed repeatedly is a service problem regardless of the low CVSS score.

Mitigation Recommendations

To mitigate this vulnerability, European organizations running EVerest-based charging infrastructure should:
1) Inventory every component that links libocpp (station firmware, local controllers, test rigs) and record the version in use.
2) Upgrade to libocpp 0.28.0 or later. The affected range in the CVE description is "before 0.28.0", so that release is where the improper cleanup is fixed; the entry itself links no patch commit.
3) Where an upgrade cannot be scheduled immediately, segment the network so that only the charging station management system and trusted station-side components can reach the OCPP endpoint. The attack vector is adjacent network, so removing untrusted hosts from that segment removes the precondition.
4) Monitor for the crash signature rather than for the original error message: an unhandled C++ exception aborts the process, which on libstdc++ builds appears in the journal or stderr as "terminate called after throwing an instance of ..." followed by a SIGABRT and, if enabled, a core dump. Alert on repeated EVerest process restarts.
5) Track EVerest releases and the CVE entry for a patch reference.
6) Run EVerest under a supervisor that restarts it on abnormal exit (for example a systemd unit with Restart=on-failure). Treat this as a stopgap: an attacker who can trigger the crash once can trigger it again, so rate-limit restarts and alert on crash loops instead of silently masking them.
7) During code review and security assessment of station software, look for the same pattern: catch handlers whose logging or error-message code can itself throw (string formatting, JSON serialization, container at() lookups) and is not wrapped in its own handler.


Technical Details

Data Version
5.1
Assigner Short Name
mitre
Date Reserved
2025-09-15T00:00:00.000Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68c85d5defcb880aa9e1633a

Added to database: 9/15/2025, 6:39:25 PM

Last enriched: 9/15/2025, 6:39:47 PM

Last updated: 9/18/2025, 12:10:45 AM

