Home > Vulnerability Database > CVE-2025-68138

Mend.io Vulnerability Database

CVE-2025-68138

Good to know:

Date: January 21, 2026

EVerest is an EV charging software stack, and EVerest libocpp is a C++ implementation of the Open Charge Point Protocol. In libocpp prior to version 0.30.1, pointers returned by the "strdup" calls are never freed. At each connection attempt, the newly allocated memory area will be leaked, potentially causing memory exhaustion and denial of service. Version 0.30.1 fixes the issue.

Severity Score

4.7

Related Resources (4)

Url: https://github.com/EVerest/everest-core/security/advisories/GHSA-f8c2-44c3-7v55

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-68138

Url: https://github.com/EVerest/libocpp/blob/89c7b62ec899db637f43b54f19af2c4af30cfa66/lib/ocpp/common/websocket/websocket_libwebsockets.cpp

Url: https://www.mend.io/vulnerability-database/CVE-2025-68138

Severity Score

4.7

Weakness Type (CWE)

Allocation of Resources Without Limits or Throttling

CWE-770

Top Fix

Upgrade Version

Upgrade to version https://github.com/EVerest/libocpp.git - v0.30.1

Learn More

CVSS v3.1

Base Score:	4.7
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-68138

Good to know:

Date: January 21, 2026

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?