CVE-2025-68136 is a vulnerability classified under CWE-770 (Allocation of Resources Without Limits or Throttling) affecting the everest-core component of the EVerest EV charging software stack. The flaw exists in versions prior to 2025.10.0 and is triggered when the module receives an SDP (Session Description Protocol) request. Upon receiving such a request, the software creates new objects including Session and IConnection instances, which open new TCP sockets to handle ISO15118-20 communications. However, the previous session objects and their associated sockets are neither closed nor destroyed, and the unique_ptr managing these objects loses ownership, leading to dangling pointers. If the socket/file descriptor in use is not the last one created, this results in a null pointer dereference. The consequence is a denial of service condition due to resource exhaustion and application crashes. The vulnerability has a CVSS 3.1 score of 7.4, with attack vector being adjacent network (AV:A), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and scope changed (S:C). The impact affects availability (A:H) but not confidentiality or integrity. No known exploits are reported in the wild as of now. The issue was resolved in version 2025.10.0 by properly managing resource lifecycles and ensuring previous sessions and sockets are correctly closed and destroyed.

For European organizations, especially those operating EV charging infrastructure utilizing the EVerest everest-core software, this vulnerability poses a significant risk of denial of service. Disruption of EV charging services can lead to operational downtime, customer dissatisfaction, and potential financial losses. Given the increasing adoption of electric vehicles across Europe, charging stations are critical infrastructure components. A successful exploitation could cause widespread service outages, impacting urban mobility and potentially straining energy management systems. While the vulnerability does not compromise data confidentiality or integrity, the availability impact alone can have cascading effects on transportation and energy sectors. Additionally, the adjacent network attack vector means that attackers need to be within the local network or have network access to the charging station systems, which may be feasible in public or semi-public charging environments.

Organizations should immediately upgrade the EVerest everest-core software to version 2025.10.0 or later, where the vulnerability is fixed. Until patching is possible, network segmentation should be enforced to restrict access to the EV charging management network, limiting exposure to adjacent attackers. Monitoring for abnormal resource consumption and socket usage on charging station systems can help detect exploitation attempts. Implementing strict session management and resource cleanup policies at the application level can mitigate similar issues. Additionally, deploying intrusion detection systems capable of recognizing anomalous SDP request patterns or excessive session creation may provide early warning. Regular audits of EV infrastructure software versions and configurations are essential to maintain security posture.