Kai-Uwe Hermann

5 exploits, active since Sep 2025
CVE-2025-68133 HIGH WRITEUP
Linuxfoundation Everest - Resource Allocation Without Limits
EVerest is an EV charging software stack. In versions 2025.9.0 and below, an attacker can exhaust the operating system's memory and cause the module to terminate by initiating an unlimited number of TCP connections that never proceed to ISO 15118-2 communication. This is possible because a new thread is started for each incoming plain TCP or TLS socket connection before any verification occurs, and the verification performed is too permissive. The EVerest processes and all its modules shut down, affecting all EVSE functionality. This issue is fixed in version 2025.10.0.
CVSS 7.4
CVE-2025-59398 LOW WRITEUP
libocpp <0.26.2 - DoS
The OCPP implementation in libocpp before 0.26.2 allows a denial of service (EVerest crash) via JSON input larger than 255 characters, because a CiString<255> object is created with StringTooLarge set to Throw.
CVSS 3.1
CVE-2025-59399 LOW WRITEUP
libocpp <0.28.0 - DoS
libocpp before 0.28.0 allows a denial of service (EVerest crash) because a secondary exception is thrown during error message generation.
CVSS 3.1
CVE-2025-68132 MEDIUM WRITEUP
Linuxfoundation Everest < 2025.12.0 - Out-of-Bounds Read
EVerest is an EV charging software stack. Prior to version 2025.12.0, `is_message_crc_correct` in the DZG_GSH01 powermeter SLIP parser reads `vec[vec.size()-1]` and `vec[vec.size()-2]` without checking that at least two bytes are present. Malformed SLIP frames on the serial link can reach `is_message_crc_correct` with `vec.size() < 2` (only via the multi-message path), causing an out-of-bounds read before CRC verification and `pop_back` underflow. Therefore, an attacker controlling the serial input can reliably crash the process. Version 2025.12.0 fixes the issue.
CVSS 4.6