CVE-2025-68132: CWE-125: Out-of-bounds Read in EVerest everest-core
CVE-2025-68132 is an out-of-bounds read vulnerability in the EVerest everest-core EV charging software stack prior to version 2025.12.0. The flaw occurs in the DZG_GSH01 powermeter SLIP parser's is_message_crc_correct function, which reads bytes from a vector without verifying its size, leading to potential memory access violations. An attacker with control over the serial input can send malformed SLIP frames that cause the process to crash due to out-of-bounds reads and pop_back underflow. This vulnerability does not require authentication or user interaction and has a low CVSS score of 2.4, indicating limited impact. The issue is fixed in version 2025.12.0.
AI Analysis
Technical Summary
CVE-2025-68132 is a low-severity vulnerability classified as CWE-125 (Out-of-bounds Read) found in the EVerest everest-core software stack, which is used for managing EV charging systems. The vulnerability exists in the function is_message_crc_correct within the DZG_GSH01 powermeter SLIP parser. This function reads the last two bytes of a vector (vec[vec.size()-1] and vec[vec.size()-2]) without first verifying that the vector contains at least two bytes. When malformed SLIP frames are received via the serial link, specifically through the multi-message path, the vector size can be less than two, causing the function to perform an out-of-bounds read. This leads to undefined behavior, including a potential pop_back underflow, which can crash the process. The vulnerability can be triggered by an attacker who has control over the serial input channel, which is typically a local or physically proximate attack vector. No authentication or user interaction is required to exploit this flaw. The impact is limited to denial of service by crashing the affected process, with no indication of data leakage or privilege escalation. The issue was resolved in version 2025.12.0 of everest-core. No known public exploits or active exploitation have been reported as of the publication date. The CVSS 4.0 base score is 2.4, reflecting the low impact and limited attack vector (physical proximity or local access).
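The length check described above, shown as an added example that is not EVerest's code or its actual patch. The name check_and_strip_crc, the CRC-16/CCITT-FALSE checksum and the low-byte-first CRC order are assumptions made for illustration, and the sample frames are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Assumption: CRC-16/CCITT-FALSE stands in for the meter's real checksum,
// whose parameters are not given in this advisory.
static uint16_t crc16(const uint8_t* data, std::size_t len) {
    uint16_t crc = 0xFFFF;
    for (std::size_t i = 0; i < len; ++i) {
        crc ^= static_cast<uint16_t>(data[i] << 8);
        for (int bit = 0; bit < 8; ++bit)
            crc = static_cast<uint16_t>((crc & 0x8000) ? (crc << 1) ^ 0x1021 : crc << 1);
    }
    return crc;
}

constexpr std::size_t kCrcLen = 2;  // trailing CRC bytes, low byte first (assumed order)

// Hypothetical hardened counterpart of is_message_crc_correct: checks the length
// first, then verifies the CRC and writes the payload (CRC removed) to payload_out.
bool check_and_strip_crc(const std::vector<uint8_t>& vec, std::vector<uint8_t>& payload_out) {
    // The guard the advisory says was missing: with fewer than two bytes,
    // vec.size() - 1 or vec.size() - 2 wraps around and indexes out of bounds.
    if (vec.size() < kCrcLen) return false;
    const std::size_t payload_len = vec.size() - kCrcLen;
    const uint16_t received =
        static_cast<uint16_t>((vec[vec.size() - 1] << 8) | vec[vec.size() - 2]);
    if (crc16(vec.data(), payload_len) != received) return false;
    // Copy the payload instead of calling pop_back() on a possibly empty vector.
    payload_out.assign(vec.begin(), vec.begin() + payload_len);
    return true;
}

// Builds a well-formed frame (payload + CRC) for the demo; constructed data.
std::vector<uint8_t> make_frame(std::vector<uint8_t> payload) {
    const uint16_t crc = crc16(payload.data(), payload.size());
    payload.push_back(static_cast<uint8_t>(crc & 0xFF));
    payload.push_back(static_cast<uint8_t>(crc >> 8));
    return payload;
}

int main() {
    std::vector<uint8_t> tampered = make_frame({0x01, 0x02, 0x03});
    tampered[1] ^= 0x01;  // single-bit corruption must fail the CRC
    const std::vector<std::vector<uint8_t>> frames = {
        {}, {0x42}, make_frame({0x01, 0x02, 0x03}), tampered};
    std::vector<uint8_t> payload;
    for (const auto& f : frames)
        std::printf("len=%zu -> %s\n", f.size(), check_and_strip_crc(f, payload) ? "accepted" : "rejected");
    return 0;
}
```

Rejecting undersized segments before any indexing means an empty or one-byte segment from the multi-message path is dropped as a bad frame rather than reaching the CRC read.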
Potential Impact
For European organizations operating EV charging infrastructure using EVerest everest-core versions prior to 2025.12.0, this vulnerability poses a risk of service disruption due to process crashes triggered by malformed serial input. Although the impact is limited to availability and does not compromise confidentiality or integrity, denial of service in critical EV charging stations could affect operational continuity and customer experience. In regions with high EV adoption, such disruptions could have cascading effects on transportation and energy management systems. The requirement for attacker control over the serial link limits remote exploitation, but insider threats or compromised local devices could exploit this flaw. Given the increasing reliance on EV infrastructure in Europe, even low-severity vulnerabilities warrant timely remediation to maintain service reliability and trust.
Mitigation Recommendations
European organizations should prioritize upgrading EVerest everest-core to version 2025.12.0 or later, where the vulnerability is fixed. In addition, organizations should implement strict physical and logical access controls to the serial interfaces of EV charging equipment to prevent unauthorized manipulation. Monitoring and anomaly detection on serial communication channels can help identify malformed SLIP frames indicative of exploitation attempts. Regular security audits of EV infrastructure software and hardware configurations should be conducted to ensure no legacy vulnerable versions remain in operation. Where immediate patching is not feasible, isolating the affected devices from untrusted networks and restricting serial port access can reduce risk. Vendor coordination for timely updates and incident response planning for potential denial-of-service events are also recommended.
Affected Countries
Germany, France, Netherlands, Norway, Sweden, United Kingdom
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-12-15T18:05:52.211Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 697120104623b1157ce4b457
Added to database: 1/21/2026, 6:50:56 PM
Last enriched: 1/28/2026, 8:25:32 PM
Last updated: 2/6/2026, 1:39:08 AM