CVE-2025-68135 Overview
CVE-2025-68135 is a denial of service vulnerability affecting EVerest, an open-source EV charging software stack. The vulnerability stems from improper handling of C++ exceptions in the TbdController loop, which causes the controller and its caller to silently terminate when unhandled exceptions occur. This results in a denial of service condition affecting critical EV charging communication protocols including SDP (SECC Discovery Protocol) and ISO15118-20 servers.
Critical Impact
Attackers on an adjacent network can cause denial of service to EV charging infrastructure by triggering unhandled exceptions, disrupting SDP and ISO15118-20 communication servers essential for electric vehicle charging operations.
Affected Products
- EVerest everest-core versions prior to 2025.10.0
- EV charging systems using the EVerest software stack
- ISO15118-20 compliant charging stations running vulnerable EVerest versions
Discovery Timeline
- 2026-01-21 - CVE-2025-68135 published to NVD
- 2026-01-21 - Last updated in NVD database
Technical Details for CVE-2025-68135
Vulnerability Analysis
This vulnerability is classified under CWE-703 (Improper Check or Handling of Exceptional Conditions). The core issue lies in how the TbdController component processes C++ exceptions. When exceptions are thrown during execution, they are not properly caught or handled by the controller loop or its calling functions. Instead of graceful error handling or recovery, the affected threads silently terminate without logging or alerting administrators.
The silent termination behavior is particularly dangerous in EV charging infrastructure because the TbdController manages critical communication protocols. The SDP server handles discovery of charging stations by electric vehicles, while ISO15118-20 governs the communication protocol between EVs and charging infrastructure. When these services terminate unexpectedly, vehicles cannot establish or maintain charging sessions.
The attack can be launched from an adjacent network position, requiring no authentication or user interaction. An attacker within network proximity to the charging infrastructure could craft inputs or trigger conditions that cause exceptions, effectively rendering charging stations inoperable until services are manually restarted.
Root Cause
The root cause is improper exception handling (CWE-703) in the TbdController component. C++ exceptions propagate up the call stack and, when not caught by appropriate try-catch blocks, result in thread or process termination. The TbdController loop lacks proper exception handling mechanisms to catch, log, and recover from exceptional conditions, leading to silent failures that impact availability.
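The failure pattern and its fix, as an added example that is not EVerest source code. The handler, the loop functions and the 'V'-prefixed frame format are hypothetical, and the never-inspected std::future is an assumed way for an exception to disappear without a log line.

```cpp
// Added illustration, not EVerest source. All names are hypothetical.
#include <functional>
#include <future>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

struct LoopStats { int handled = 0; int errors = 0; };
using Frames = std::vector<std::string>;

// Hypothetical handler: throws on a frame it cannot parse.
void handle_frame(const std::string& f) {
    if (f.empty() || f[0] != 'V') throw std::runtime_error("malformed frame '" + f + "'");
}

// Unguarded: the first exception unwinds out of the loop and ends it.
void loop_unguarded(const Frames& in, LoopStats& s) {
    for (const auto& f : in) { handle_frame(f); ++s.handled; }
}

// Guarded: catch per iteration, log, count, keep serving.
void loop_guarded(const Frames& in, LoopStats& s) {
    for (const auto& f : in) {
        try {
            handle_frame(f);
            ++s.handled;
        } catch (const std::exception& e) {
            ++s.errors;
            std::cerr << "controller: dropped frame: " << e.what() << '\n';
        }
    }
}

// Fire-and-forget caller: waits for the worker but never calls get(), so an
// exception stored in the future is discarded without any log line.
LoopStats run_worker(void (*loop)(const Frames&, LoopStats&), const Frames& in) {
    LoopStats s;
    auto fut = std::async(std::launch::async, loop, std::cref(in), std::ref(s));
    fut.wait();
    return s;
}

int main() {
    const Frames in = {"V1", "V2", "junk", "V3", "V4"};  // constructed sample input
    LoopStats a = run_worker(loop_unguarded, in);
    LoopStats b = run_worker(loop_guarded, in);
    std::cout << "unguarded handled=" << a.handled << " guarded handled=" << b.handled
              << " errors=" << b.errors << '\n';
}
```

With the unguarded loop, the valid frames that follow the malformed one are never served and nothing is logged; the guarded loop records the error and keeps processing.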
Attack Vector
The vulnerability is exploitable from an adjacent network position. An attacker with access to the same network segment as the EV charging infrastructure can send specially crafted requests or trigger conditions that cause the TbdController to encounter an unhandled exception. Since no authentication is required and no user interaction is needed, the attack surface is exposed to any network-adjacent adversary.
The attack results in high availability impact with no impact to confidentiality or integrity. The affected component silently terminates, taking down SDP and ISO15118-20 server functionality until manual intervention restores services.
Detection Methods for CVE-2025-68135
Indicators of Compromise
- Unexpected termination of EVerest TbdController processes without corresponding error logs
- SDP server becoming unresponsive to vehicle discovery requests
- ISO15118-20 communication failures between vehicles and charging stations
- Charging sessions failing to initialize or dropping unexpectedly
Detection Strategies
- Monitor EVerest process health using process supervision tools to detect unexpected terminations
- Implement network traffic analysis for anomalous patterns targeting EV charging protocols
- Configure alerting on charging station communication protocol failures
- Deploy endpoint detection to identify attack patterns against adjacent network services
Monitoring Recommendations
- Enable verbose logging for EVerest components to capture exception events before termination
- Implement process restart monitoring to detect recurring TbdController failures
- Monitor network traffic on ports used by SDP and ISO15118-20 protocols for suspicious activity
- Establish baseline metrics for charging session success rates to identify availability degradation
How to Mitigate CVE-2025-68135
Immediate Actions Required
- Upgrade EVerest everest-core to version 2025.10.0 or later immediately
- Review network segmentation to limit adjacent network access to charging infrastructure
- Implement process supervision to automatically restart failed services
- Monitor for service termination events pending patch deployment
Patch Information
The vulnerability is fixed in EVerest everest-core version 2025.10.0. The patch addresses the improper exception handling in the TbdController loop by implementing proper try-catch mechanisms that prevent silent termination and ensure graceful error recovery. Organizations should update to this version or later to remediate the vulnerability.
For detailed patch information and upgrade instructions, refer to the GitHub Security Advisory.
Workarounds
- Implement network access controls to restrict adjacent network access to EV charging systems
- Deploy process supervision (such as systemd watchdog) to automatically restart terminated services
- Enable network segmentation to isolate charging infrastructure from untrusted adjacent networks
- Consider temporary service monitoring with automatic restart scripts while awaiting patching
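# Example: systemd restart and watchdog configuration for EVerest services
# Add to the EVerest service unit file to restart the service automatically on failure
[Service]
# Restart whenever the process exits, after a 5-second delay
Restart=always
RestartSec=5
# WatchdogSec only works if the service sends WATCHDOG=1 keep-alives via sd_notify(3);
# without them systemd treats the service as hung and kills it every 30 seconds.
# Omit this line if the service does not implement watchdog notifications.
WatchdogSec=30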


