CVE-2025-68141 is a vulnerability classified under CWE-476 (NULL Pointer Dereference) found in the everest-core component of the EVerest EV charging software stack. The flaw exists in versions prior to 2025.10.0 and is triggered during the deserialization process of the DC_ChargeLoopRes message, which includes Receipt and TaxCosts data structures. The vulnerability arises because the vector tax_costs within the Receipt structure is accessed out of bounds in the template specialization function convert(const iso20_dc_DetailedTaxType& in, datatypes::DetailedTax& out). This out-of-bounds access leads to a NULL pointer dereference, causing the affected module to crash. Since EVerest runs multiple modules that manage EV charging stations (EVSE), the crash results in the termination of all EVerest processes, effectively causing a denial of service (DoS) condition that disrupts EV charging operations. The CVSS v3.1 score is 7.4, reflecting high severity due to the impact on availability and the ease of exploitation (network vector, no privileges or user interaction required). The scope is changed (S:C) because the failure in one module affects the entire EVerest process ecosystem. No known exploits are currently reported in the wild. The vulnerability is resolved in version 2025.10.0 of everest-core. This issue is critical for operators relying on EVerest for EV charging management, as it can cause widespread service outages.

For European organizations operating EV charging infrastructure using the EVerest software stack, this vulnerability poses a significant risk of service disruption. The denial of service caused by the NULL pointer dereference can lead to widespread unavailability of EV charging stations, impacting end-users and potentially causing reputational damage and financial losses. Given the increasing reliance on EV infrastructure to meet environmental and transportation goals across Europe, such outages could hinder EV adoption and frustrate consumers. Critical infrastructure operators and public charging networks are particularly vulnerable, as prolonged downtime could affect transportation logistics and urban mobility. Additionally, the disruption could indirectly affect grid management systems that rely on real-time EV charging data. Since exploitation requires only network access without authentication, attackers could remotely trigger the crash, increasing the threat level. However, the vulnerability does not impact confidentiality or integrity, limiting the risk to availability only.

The primary mitigation is to upgrade the EVerest everest-core software to version 2025.10.0 or later, where the vulnerability is fixed. Organizations should prioritize patching affected systems to prevent exploitation. In parallel, network segmentation should be implemented to isolate EV charging management systems from untrusted networks, reducing the attack surface. Deploying strict input validation and anomaly detection on incoming DC_ChargeLoopRes messages can help identify and block malformed or suspicious payloads that might trigger the vulnerability. Monitoring logs and process health of EVerest modules can provide early warning of crashes or abnormal terminations. Employing redundancy and failover mechanisms in EVSE management can minimize service disruption if a module crashes. Finally, coordinating with EVerest vendors for security advisories and updates will ensure timely awareness of related vulnerabilities.