CNNVD-202601-3356 Information

CNNVD ID

CNNVD-202601-3356

Related CVE

CVE-2025-68139

• CNNVD Published: 2026-01-21

Description (Chinese)

everest-core是EVerest开源的一个电动汽车充电软件堆栈的主要部分。 everest-core 2025.12.1及之前版本存在授权问题漏洞，该漏洞源于terminate_connection_on_failed_response默认配置为False，可能导致恶意用户利用其他弱点或漏洞。

Description (English)

Veverest-core is the main part of an electric vehicle charging software stack at the EVerest open source. There is a mandate gap in the best-core 2025.12.1 and earlier versions, which stems from the fact that terminite convention on failed response is defaulted to False and may lead to malicious users taking advantage of other weaknesses or loopholes.

Hazard Level

High

Vulnerability Type

授权问题

Affected Vendor

EVerest

Published

2026-01-21

Last Modified

2026-02-24

References

https://github.com/EVerest/everest-core/security/advisories/GHSA-wqh4-pj54-6xv9 https://access.redhat.com/security/cve/cve-2025-68139