EVerest's unlimited connections can lead to DoS through operating system resource exhaustion

EVerest is an EV charging software stack. In versions 2025.9.0 and below, an attacker can exhaust the operating system's memory and cause the module to terminate by initiating an unlimited number of TCP connections that never proceed to ISO 15118-2 communication. This is possible because a new thread is started for each incoming plain TCP or TLS socket connection before any verification occurs, and the verification performed is too permissive. The EVerest processes and all its modules shut down, affecting all EVSE functionality. This issue is fixed in version 2025.10.0.

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

不加限制或调节的资源分配

everest-core 安全漏洞

everest-core是EVerest开源的一个电动汽车充电软件堆栈的主要部分。 everest-core 2025.10.0之前版本存在安全漏洞，该漏洞源于攻击者可通过发起无限数量的TCP连接来耗尽操作系统内存，可能导致模块终止。

N/A

N/A