CNNVD-202601-3355 Information

CNNVD ID

CNNVD-202601-3355

CVE-2025-68140

  • CNNVD Published: 2026-01-21

Description

everest-core is the main part of the open-source EVerest electric vehicle charging software stack. Versions of everest-core before 2025.9.0 contain a security vulnerability that stems from a validation flaw when the session ID has its default value of 0, which may lead to unauthorized and anonymous indirect sending of MQTT messages and updates to the session context.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

EVerest

Published

2026-01-21

Last Modified

2026-02-24

References

https://github.com/EVerest/everest-core/security/advisories/GHSA-w385-3jwp-x47x

https://access.redhat.com/security/cve/cve-2025-68140

Patch

https://github.com/EVerest/everest-core
