CVE-2025-68137: CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in EVerest everest-core
CVE-2025-68137 is a high-severity buffer overflow vulnerability in the EVerest everest-core EV charging software stack versions prior to 2025.10.0. It arises from an integer overflow in the SdpPacket::parse_header() function, causing incorrect buffer length calculations that lead to either an infinite loop or a stack buffer overflow depending on the server configuration (TCP or TLS). This vulnerability can result in full compromise of confidentiality, integrity, and availability without requiring authentication or user interaction. The flaw is fixed in version 2025.10.0. European organizations operating EV charging infrastructure using affected versions are at risk of service disruption and potential remote code execution. Mitigation requires immediate upgrade to the patched version and careful network segmentation of EV charging systems.
AI Analysis
Technical Summary
CVE-2025-68137 is a classic buffer overflow vulnerability classified under CWE-120 and related to CWE-835 (loop with unreachable exit condition) found in the EVerest everest-core software stack used for managing electric vehicle (EV) charging stations. The vulnerability stems from an integer overflow in the SdpPacket::parse_header() function. Specifically, after a complete 8-byte header has been read, the current buffer length is incorrectly set to 7. When calculating the remaining length to read, the code subtracts the header length from the current length, a result that would be negative. Because the length is stored in an unsigned size_t type, this negative value wraps to a very large positive number (SIZE_MAX or slightly less). Depending on the server, the software then either enters an infinite loop (plain TCP servers) or triggers a stack buffer overflow (TLS servers). The buffer overflow can lead to memory corruption, potentially allowing remote attackers to execute arbitrary code, crash the service, or cause denial of service. The vulnerability does not require authentication or user interaction, increasing its risk. The issue was resolved in version 2025.10.0 of everest-core. No known exploits are reported in the wild yet; the CVSS score of 8.4 reflects the critical impact combined with a network attack vector and high attack complexity. The vulnerability affects all versions prior to 2025.10.0.
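The length arithmetic described above, as an added example that is not everest-core's code: a hypothetical model showing the unchecked size_t subtraction wrapping to SIZE_MAX, beside a checked version and a bounded receive step that rejects the wrapped length instead of overrunning a stack buffer. The 8-byte header, 1024-byte buffer and packet bytes are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added illustration, not everest-core code: a minimal model of the size_t
 * arithmetic the advisory describes for SdpPacket::parse_header(). The 8-byte
 * header, 1024-byte receive buffer and sample bytes are assumptions. */
#define SDP_HEADER_LEN 8u
#define RX_BUF_LEN 1024u

/* Constructed sample: an 8-byte header followed by a 4-byte payload
 * (the byte layout is illustrative only). */
static const unsigned char SAMPLE_PACKET[] = {
    0x01, 0xFE, 0x90, 0x00, 0x00, 0x00, 0x00, 0x04, /* header */
    0xDE, 0xAD, 0xBE, 0xEF                          /* payload */
};

/* Vulnerable pattern: subtract the header length from the bytes counted so
 * far without checking that the header is covered. With current_len == 7
 * (the mis-set value the advisory describes) and header_len == 8, the
 * unsigned subtraction wraps to SIZE_MAX instead of becoming -1. */
size_t remaining_unchecked(size_t current_len, size_t header_len) {
    return current_len - header_len;
}

/* Hardened pattern: refuse any state with fewer bytes than the header, so
 * the subtraction can never wrap. Returns the remaining payload length, or
 * -1 when the caller must read more or abort rather than loop or copy. */
long remaining_checked(size_t current_len, size_t header_len) {
    if (current_len < header_len) {
        return -1;
    }
    return (long)(current_len - header_len);
}

/* Bounded receive step: copies 'remaining' payload bytes into a fixed stack
 * buffer only if they fit and are actually available, so a wrapped SIZE_MAX
 * is rejected instead of overrunning the stack. Returns the sum of the
 * copied bytes (so the buffer is observably used), or -1 on rejection. */
long receive_sample(size_t remaining) {
    unsigned char rx_buf[RX_BUF_LEN];
    size_t avail = sizeof SAMPLE_PACKET - SDP_HEADER_LEN;
    if (remaining > sizeof rx_buf || remaining > avail) {
        return -1;
    }
    memcpy(rx_buf, SAMPLE_PACKET + SDP_HEADER_LEN, remaining);
    long sum = 0;
    for (size_t i = 0; i < remaining; i++) sum += rx_buf[i];
    return sum;
}
```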
Potential Impact
For European organizations, this vulnerability poses a significant threat to the security and availability of EV charging infrastructure, which is critical for the growing electric vehicle market and sustainable transportation goals. Exploitation could lead to remote code execution, allowing attackers to take control of charging stations or backend management systems, potentially disrupting EV charging services across wide areas. This disruption could impact consumer trust, cause financial losses, and affect critical infrastructure reliant on EV fleets. Confidentiality breaches could expose sensitive operational data or user information. The infinite loop scenario could cause denial of service, degrading the availability of charging stations. Given the increasing adoption of EVs in Europe and the strategic importance of clean energy infrastructure, this vulnerability could be leveraged by threat actors aiming to cause economic or reputational damage. The lack of authentication requirements makes it easier for attackers to exploit the flaw remotely, increasing the urgency for mitigation.
Mitigation Recommendations
European organizations should immediately upgrade all instances of everest-core to version 2025.10.0 or later to eliminate the vulnerability. Until upgrades are completed, network segmentation should be enforced to isolate EV charging infrastructure from broader enterprise networks and the internet, reducing exposure. Implement strict firewall rules to limit access to the affected services only to trusted management systems. Monitor network traffic for unusual patterns indicative of exploitation attempts, such as repeated malformed SDP packets or anomalous connection behaviors. Conduct thorough code audits and penetration testing on EV charging software stacks to identify similar vulnerabilities. Establish incident response plans specifically addressing EV infrastructure compromise. Collaborate with vendors to ensure timely patch deployment and receive security advisories. Finally, consider deploying runtime protections such as stack canaries and address space layout randomization (ASLR) if supported by the platform to mitigate exploitation impact.
Affected Countries
Germany, France, Netherlands, Norway, Sweden, United Kingdom
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-12-15T18:09:12.694Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 69712a9c4623b1157ce7dac5
Added to database: 1/21/2026, 7:35:56 PM
Last enriched: 1/28/2026, 8:23:44 PM
Last updated: 2/7/2026, 2:47:13 PM