CVE-2025-68133 is a vulnerability classified under CWE-770 (Allocation of Resources Without Limits or Throttling) affecting the everest-core component of the EVerest EV charging software stack. In versions 2025.9.0 and earlier, the software accepts incoming TCP or TLS socket connections and immediately spawns a new thread for each connection before performing any meaningful verification. The verification that does occur is overly permissive, allowing an attacker to establish a large number of connections that never advance to the ISO 15118-2 protocol handshake, which is the standard communication protocol for EV charging. Because each connection consumes system resources (threads and memory), an attacker can exhaust the operating system's memory by opening many such connections simultaneously. This resource exhaustion causes the EVerest processes and all associated modules to crash or terminate unexpectedly, resulting in a denial of service (DoS) that disables all EVSE functionality managed by the software. The vulnerability does not impact confidentiality or integrity but severely impacts availability. The flaw is fixed in version 2025.10.0 by introducing proper connection verification and likely resource throttling or limits on thread creation. No known exploits are currently reported in the wild, but the ease of exploitation (no authentication or user interaction required) and the critical role of EVerest in EV charging infrastructure make this a significant threat.

For European organizations operating EV charging stations using the affected EVerest versions, this vulnerability poses a significant risk of service disruption. The denial of service caused by resource exhaustion can lead to widespread unavailability of EV charging points, impacting EV drivers and potentially causing reputational damage to operators. In countries with high EV adoption and dense charging networks, such as Germany, France, the Netherlands, Norway, and the UK, the impact could be substantial, affecting both public and private charging infrastructure. Disruption of EVSE functionality may also have cascading effects on energy management systems and smart grid operations that rely on these charging stations. Additionally, prolonged outages could hinder compliance with environmental and transportation policies promoting EV usage. Although no data confidentiality or integrity is compromised, the availability impact alone can cause operational and financial losses.

The primary mitigation is to upgrade all affected EVerest everest-core installations to version 2025.10.0 or later, where the vulnerability is fixed. Until upgrades can be applied, organizations should implement network-level protections such as rate limiting and connection throttling on the ports used by EVerest to prevent excessive simultaneous connections from single or distributed sources. Deploying intrusion detection or anomaly detection systems to monitor for unusual connection patterns indicative of an attack can provide early warning. Additionally, configuring firewall rules to restrict access to trusted IP ranges or authenticated clients can reduce exposure. Operators should also ensure robust logging and alerting on process crashes or resource exhaustion events to enable rapid incident response. Finally, coordinating with EVSE manufacturers and software vendors for timely patch deployment and security advisories is essential.