
CVE-2025-68132: CWE-125: Out-of-bounds Read in EVerest everest-core

Severity: Low
Published: Wed Jan 21 2026 (01/21/2026, 18:28:40 UTC)
Source: CVE Database V5
Vendor/Project: EVerest
Product: everest-core

Description

EVerest is an EV charging software stack. Prior to version 2025.12.0, `is_message_crc_correct` in the DZG_GSH01 powermeter SLIP parser reads `vec[vec.size()-1]` and `vec[vec.size()-2]` without checking that at least two bytes are present. Malformed SLIP frames on the serial link can reach `is_message_crc_correct` with `vec.size() < 2` (only via the multi-message path), causing an out-of-bounds read before CRC verification and `pop_back` underflow. Therefore, an attacker controlling the serial input can reliably crash the process. Version 2025.12.0 fixes the issue.

AI-Powered Analysis

Last updated: 01/21/2026, 19:05:38 UTC

Technical Analysis

CVE-2025-68132 is a vulnerability classified as CWE-125 (Out-of-bounds Read) in the EVerest everest-core software stack, which is used in electric vehicle (EV) charging systems. The issue resides in the function `is_message_crc_correct` within the DZG_GSH01 powermeter SLIP parser. This function reads the last two bytes of a vector (`vec[vec.size()-1]` and `vec[vec.size()-2]`) without first verifying that the vector contains at least two bytes. Under normal operation this assumption holds, but when malformed SLIP frames are received via the serial link, specifically through the multi-message path, the vector size can be less than two. This leads to an out-of-bounds read and a `pop_back` underflow, which can cause the process to crash. Exploitation requires no privileges or user interaction, only the ability to supply input on the serial interface, and the impact is limited to denial of service through a process crash; confidentiality and integrity are not affected. The flaw is fixed in version 2025.12.0 of everest-core. The CVSS 4.0 vector indicates a low severity score of 2.4, reflecting the limited attack surface and impact. No public exploits are known at this time, and the vulnerability was published on January 21, 2026.
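The missing length check described above, shown beside a hardened form and exercised through a multi-message split. This is an added sketch, not everest-core code and not the upstream patch. The CRC algorithm, the low-byte-first trailer layout, the omission of SLIP escape handling, and all function names other than the bug pattern itself are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

using Bytes = std::vector<std::uint8_t>;

// Assumed checksum for this sketch: CRC-16/CCITT-FALSE over the first len bytes.
std::uint16_t crc16(const Bytes& d, std::size_t len) {
    std::uint16_t crc = 0xFFFF;
    for (std::size_t i = 0; i < len; ++i) {
        crc ^= static_cast<std::uint16_t>(d[i] << 8);
        for (int b = 0; b < 8; ++b)
            crc = static_cast<std::uint16_t>((crc & 0x8000) ? (crc << 1) ^ 0x1021 : crc << 1);
    }
    return crc;
}

// Constructed helper: append the CRC, low byte first (assumed trailer layout).
Bytes with_crc(Bytes p) {
    const std::uint16_t c = crc16(p, p.size());
    p.push_back(static_cast<std::uint8_t>(c & 0xFF));
    p.push_back(static_cast<std::uint8_t>(c >> 8));
    return p;
}

// Unsafe pattern from the description: with vec.size() < 2 the unsigned
// subtraction wraps and both index reads are out of bounds.
bool crc_ok_unchecked(const Bytes& vec) {
    const std::uint16_t rx = static_cast<std::uint16_t>(vec[vec.size() - 1] << 8 | vec[vec.size() - 2]);
    return rx == crc16(vec, vec.size() - 2);
}

// Hardened form: a frame too short to hold a CRC trailer is rejected first.
bool crc_ok_checked(const Bytes& vec) {
    if (vec.size() < 2) return false;
    return crc_ok_unchecked(vec);
}

// Multi-message path: split a raw buffer on SLIP END (0xC0); back-to-back END
// bytes or a stray byte between them produce 0- or 1-byte segments.
std::size_t count_valid_frames(const Bytes& raw) {
    std::size_t ok = 0;
    Bytes seg;
    for (std::uint8_t b : raw) {
        if (b != 0xC0) { seg.push_back(b); continue; }
        if (crc_ok_checked(seg)) ++ok;
        seg.clear();
    }
    return ok;
}
```

Short segments are counted as invalid frames rather than passed to the trailer read, so a malformed buffer degrades to dropped messages instead of a crash.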

Potential Impact

For European organizations, the primary impact of CVE-2025-68132 is the potential for denial of service (DoS) on EV charging infrastructure components that utilize the affected EVerest everest-core versions. This could disrupt EV charging services, leading to operational downtime and customer dissatisfaction. Although the vulnerability does not allow for code execution or data compromise, repeated crashes could degrade system reliability and availability. Organizations operating public or private EV charging networks, especially those with high volumes of serial communication to powermeters, may experience service interruptions. Given the increasing adoption of EVs across Europe, any disruption in charging infrastructure could have cascading effects on transportation and energy management. However, the low CVSS score and requirement for direct serial input control limit the scope and ease of exploitation, reducing the overall risk. Still, critical infrastructure operators should consider this vulnerability in their risk assessments due to the strategic importance of EV charging networks in the European green energy transition.

Mitigation Recommendations

The primary mitigation is to upgrade the EVerest everest-core software to version 2025.12.0 or later, where the vulnerability is fixed. Until patching is possible, organizations should implement strict input validation and filtering on the serial communication channels to prevent malformed SLIP frames from reaching the is_message_crc_correct function. Network segmentation and access controls should be enforced to restrict physical and logical access to the serial interfaces, limiting attacker capability to inject malicious frames. Monitoring and alerting on process crashes or abnormal behavior in the EV charging software can provide early detection of exploitation attempts. Additionally, conducting regular audits of EV charging system firmware and software versions will help ensure timely application of security updates. Vendors and operators should collaborate to establish secure update mechanisms and verify the integrity of software components to prevent tampering.


Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2025-12-15T18:05:52.211Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 697120104623b1157ce4b457

Added to database: 1/21/2026, 6:50:56 PM

Last enriched: 1/21/2026, 7:05:38 PM

Last updated: 1/21/2026, 11:52:11 PM
