CVE-2025-68135: CWE-703: Improper Check or Handling of Exceptional Conditions in EVerest everest-core
CVE-2025-68135 is a medium-severity vulnerability in the EVerest everest-core EV charging software stack prior to version 2025.10.0. It arises from improper handling of C++ exceptions in the TbdController loop, causing silent termination of the loop and its caller. This results in denial of service (DoS) conditions affecting the SDP and ISO15118-20 servers, which are critical for EV charging communication protocols. No known exploits are currently reported in the wild. The vulnerability does not impact confidentiality or integrity but severely affects availability. The issue is fixed in version 2025.10.0.
AI Analysis
Technical Summary
CVE-2025-68135 is a vulnerability classified under CWE-703 (Improper Check or Handling of Exceptional Conditions) found in the everest-core component of the EVerest EV charging software stack. The flaw exists because the TbdController loop does not properly handle C++ exceptions: an exception raised inside the loop propagates out of it, silently terminating both the loop and its caller. This improper exception management causes a denial of service by disrupting the operation of the SDP (Session Description Protocol) and ISO15118-20 servers, which are essential for communication between EV charging stations and electric vehicles. The vulnerability affects all versions prior to 2025.10.0; the patch released in that version addresses the issue. The CVSS v3.1 score is 6.5 (medium severity), reflecting that the vulnerability requires adjacent-network access (AV:A), no privileges (PR:N) and no user interaction (UI:N), and impacts availability only (A:H) without affecting confidentiality or integrity. No known exploits have been reported in the wild, but the risk remains significant because of the critical role of the affected servers in EV charging operations. The vulnerability could lead to service outages, impacting EV charging availability and potentially causing operational disruptions in EV infrastructure that relies on EVerest software.
Potential Impact
The primary impact of CVE-2025-68135 is a denial of service affecting the availability of EV charging services that use the EVerest everest-core software stack. For European organizations operating EV charging infrastructure, this could mean interruptions in charging sessions, leading to customer dissatisfaction, operational delays, and potential revenue loss. Given the increasing reliance on EVs and the critical role of charging infrastructure in supporting sustainable transportation goals, such disruptions could also affect broader energy management and smart grid operations. The vulnerability does not compromise data confidentiality or integrity but undermines service reliability. In countries with high EV adoption and dense charging networks, the impact could be more pronounced, potentially affecting public and private charging stations, fleet operators, and energy providers. Additionally, prolonged or repeated outages could erode trust in EV infrastructure providers and slow EV adoption momentum.
Mitigation Recommendations
To mitigate CVE-2025-68135, organizations should immediately upgrade the EVerest everest-core software to version 2025.10.0 or later, where the exception handling flaw is fixed. Beyond patching, it is recommended to implement enhanced monitoring and alerting on the TbdController loop and related SDP and ISO15118-20 server processes to detect unexpected terminations or failures promptly. Incorporating robust exception handling and failover mechanisms within the EV charging software stack can prevent silent failures and maintain service continuity. Regularly testing the resilience of the charging infrastructure under fault conditions will help identify weaknesses early. Additionally, organizations should maintain an inventory of EV charging software versions deployed across their infrastructure to ensure timely updates. Collaboration with EVerest vendors for security advisories and updates is also advised. Finally, contingency plans for service continuity during outages should be developed and communicated to stakeholders.
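The following is an added example, not code from EVerest or everest-core, showing the CWE-703 pattern described above in a hypothetical controller loop and the per-iteration handling plus liveness counter that the mitigation section recommends. `Request`, `process_request()`, `sample_queue()`, `served_before_unguarded_death()` and `run_loop_guarded()` are constructed for this illustration and do not correspond to EVerest identifiers.

```cpp
// Added example, not EVerest code. A hypothetical controller loop illustrating
// the CWE-703 pattern in the advisory: an exception thrown inside one iteration
// escapes the loop and takes the loop and its caller down with it. Request,
// process_request() and sample_queue() are constructed for this demonstration.
#include <cstdint>
#include <functional>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

struct Request { std::string payload; };

// Stand-in for per-request work. Two constructed inputs throw, the way a
// malformed or oversized message from a peer might.
static std::string process_request(const Request& r) {
    if (r.payload.empty()) throw std::invalid_argument("empty payload");
    if (r.payload == "overflow") throw std::length_error("payload too long");
    return "handled:" + r.payload;
}

// Constructed sample traffic: five requests, the 2nd and 4th are bad.
static std::vector<Request> sample_queue() {
    return {{"a"}, {""}, {"b"}, {"overflow"}, {"c"}};
}

// Vulnerable pattern. This models the thread entry point that owns the loop:
// the loop body has no handler, so the first exception ends the loop. With no
// handler in the entry point either, the exception reaches std::terminate, or,
// if the launcher swallows it, the loop simply vanishes while the process keeps
// running. The catch here exists only so the example can report how much of the
// queue was served before the loop died.
static std::uint64_t served_before_unguarded_death(const std::vector<Request>& queue) {
    std::uint64_t served = 0;
    try {
        for (const auto& r : queue) {
            process_request(r);   // throws straight through on the 2nd request
            ++served;
        }
    } catch (...) {
        // Loop is gone: every remaining request is never processed.
    }
    return served;
}

struct LoopStats {
    std::uint64_t handled = 0;    // requests completed
    std::uint64_t failed = 0;     // requests that threw and were skipped
    std::uint64_t heartbeat = 0;  // bumped every iteration so a watchdog can see liveness
    bool exited_cleanly = false;  // set only when the whole queue was drained
};

static void default_log(const std::string& msg) { std::cerr << msg << '\n'; }

// Hardened pattern. Each iteration is its own fault domain: a throwing request is
// logged and counted, the loop keeps serving the rest, and the caller receives
// stats it can act on (error rate, heartbeat) instead of a silent disappearance.
static LoopStats run_loop_guarded(const std::vector<Request>& queue,
                                  const std::function<void(const std::string&)>& log = default_log) {
    LoopStats s;
    for (const auto& r : queue) {
        ++s.heartbeat;
        try {
            process_request(r);
            ++s.handled;
        } catch (const std::exception& e) {
            ++s.failed;
            log(std::string("request skipped: ") + e.what());
        } catch (...) {
            ++s.failed;
            log("request skipped: non-standard exception");
        }
    }
    s.exited_cleanly = true;
    return s;
}

int main() {
    std::cout << "unguarded loop served " << served_before_unguarded_death(sample_queue())
              << " of " << sample_queue().size() << " requests before dying\n";
    const LoopStats s = run_loop_guarded(sample_queue());
    std::cout << "guarded loop: handled=" << s.handled << " failed=" << s.failed
              << " heartbeat=" << s.heartbeat << " clean_exit=" << s.exited_cleanly << '\n';
    return 0;
}
```

With the constructed queue the unguarded loop serves one request and then disappears, while the guarded loop serves three, skips two and reports both numbers. The `heartbeat` counter is the hook for the monitoring recommended above: a supervisor that polls it can raise an alert when it stops advancing, which is exactly the condition a silently terminated loop produces. Catching per iteration must still surface the failure (logged and counted here) rather than discard it, since swallowing exceptions unseen is the other face of CWE-703.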
Affected Countries
Germany, Netherlands, Norway, France, United Kingdom
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-12-15T18:09:12.694Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 697124574623b1157ce6527d
Added to database: 1/21/2026, 7:09:11 PM
Last enriched: 1/28/2026, 8:24:55 PM
Last updated: 2/7/2026, 12:52:47 AM