5 matches found
CVE-2025-68139
EVerest is an EV charging software stack. In all versions up to and including 2025.12.1, the default value for terminate_connection_on_failed_response is False, which leaves the responsibility for session and connection termination to the EV. In this configuration, any errors encountered by the modul...
CVE-2025-68139
CVE-2025-68139 affects the EVerest EV charging software stack. All versions up to and including 2025.12.1 default terminate_connection_on_failed_response to false, meaning the EV is responsible for closing sessions/connections after module errors; errors are logged but no automatic countermeasures (e...
CVE-2025-68139 In EVerest, by default, the EV is responsible for closing the connection if the module encounters an error during request processing
EVerest is an EV charging software stack. In all versions up to and including 2025.12.1, the default value for terminate_connection_on_failed_response is False, which leaves the responsibility for session and connection termination to the EV. In this configuration, any errors encountered by the modul...
Everest-core authorization issue vulnerability
Everest-core is a major component of the open-source electric vehicle charging software stack developed by EVerest. Versions of Everest-core prior to 2025.12.1 contained an authorization vulnerability. This vulnerability stemmed from the default configuration of...
The vulnerability in the implementation of the SCTP protocol in the Linux kernel allows an attacker to cause a service failure (to disconnect the connection).
The vulnerability in the implementation of the SCTP protocol net/sctp/sm_statefuns.c in the Linux kernel is related to the lack of checking VTAG in the blocks received from the user, and the incorrect ABORT flag used to process these blocks. Exploiting this vulnerability allows a remote attacker t...