EvseV2G has sequence state validation bypass
wordt vertaald…Platform
other
Component
everest-core
Opgelost in
2025.12.2
CVE-2026-24003 describes an authentication bypass vulnerability discovered in Everest-Core, an EV charging software stack. This flaw allows attackers to circumvent sequence state verification, potentially manipulating the charging process and injecting illegitimate data. The vulnerability affects versions up to 2025.12.1, and a patch is available in version 2025.12.2.
Impact en Aanvalsscenarioswordt vertaald…
Successful exploitation of CVE-2026-24003 could allow an attacker to manipulate the EV charging process without proper authentication. This could lead to unauthorized charging sessions, potentially incurring costs for the legitimate user or the charging station operator. The attacker could also potentially alter the charging parameters, leading to safety concerns or damage to the electric vehicle. While the description notes limitations preventing transitions out of the WaitingForAuthentication state, the ability to bypass authentication and manipulate state transitions represents a significant security risk.
Uitbuitingscontextwordt vertaald…
CVE-2026-24003 was publicly disclosed on January 26, 2026. The vulnerability's impact stems from the ability to bypass authentication, a common attack vector in charging infrastructure. There is currently no indication of active exploitation or inclusion in the CISA KEV catalog. Public proof-of-concept code is not yet available.
Wie Loopt Risicowordt vertaald…
Organizations and individuals deploying Everest-Core for EV charging infrastructure are at risk. This includes EV charging station operators, fleet managers, and users of electric vehicles who rely on these charging stations. Legacy deployments using older versions of Everest-Core are particularly vulnerable.
Detectiestappenwordt vertaald…
• linux / server: Monitor ISO 15118-2 communication logs for unexpected state transitions or authentication attempts. Use journalctl -f to observe real-time log activity.
journalctl -f | grep "state_transition" | grep "authentication"• generic web: Monitor network traffic for unusual ISO 15118-2 requests. Use curl to test the charging endpoint and observe the response headers and body for signs of manipulation.
curl -v https://<everest-core-endpoint>/iso15118Aanvalstijdlijn
- Disclosure
disclosure
Dreigingsinformatie
Exploit Status
EPSS
0.23% (45% percentiel)
CISA SSVC
CVSS-vector
Wat betekenen deze metrics?
- Attack Vector
- Aangrenzend — netwerknabijheid vereist: zelfde LAN, Bluetooth of lokaal draadloos segment.
- Attack Complexity
- Laag — geen speciale voorwaarden vereist. Betrouwbaar uitbuitbaar.
- Privileges Required
- Geen — geen authenticatie vereist om te exploiteren.
- User Interaction
- Geen — automatische en stille aanval. Slachtoffer doet niets.
- Scope
- Ongewijzigd — impact beperkt tot het kwetsbare component.
- Confidentiality
- Geen — geen vertrouwelijkheidsimpact.
- Integrity
- Laag — aanvaller kan enkele gegevens met beperkte omvang aanpassen.
- Availability
- Geen — geen beschikbaarheidsimpact.
Getroffen Software
Zwakheidsclassificatie (CWE)
Tijdlijn
- Gereserveerd
- Gepubliceerd
- Gewijzigd
- EPSS bijgewerkt
Mitigatie en Workaroundswordt vertaald…
The primary mitigation for CVE-2026-24003 is to upgrade Everest-Core to version 2025.12.2 or later, which includes the fix for this vulnerability. If an immediate upgrade is not possible, consider implementing stricter access controls and monitoring charging sessions for suspicious activity. While specific WAF rules or proxy configurations are not detailed, monitoring for unusual ISO 15118-2 communication patterns could provide an early warning of potential exploitation attempts. After upgrading, verify the fix by attempting to initiate a charging session without proper authentication and confirming that the state verification is enforced.
Hoe te verhelpenwordt vertaald…
Actualizar a una versión posterior a 2025.12.1 cuando esté disponible. Actualmente no hay versiones fijas disponibles. Monitorear el repositorio de EVerest para actualizaciones y aplicar el parche de seguridad tan pronto como se publique.
CVE Beveiligingsnieuwsbrief
Kwetsbaarheidsanalyses en kritieke waarschuwingen direct in uw inbox.
Veelgestelde vragenwordt vertaald…
What is CVE-2026-24003 — Authentication Bypass in Everest-Core?
CVE-2026-24003 is a medium-severity vulnerability in Everest-Core versions up to 2025.12.1 that allows attackers to bypass authentication and manipulate charging states.
Am I affected by CVE-2026-24003 in Everest-Core?
You are affected if you are using Everest-Core version 2025.12.1 or earlier. Upgrade to version 2025.12.2 or later to mitigate the risk.
How do I fix CVE-2026-24003 in Everest-Core?
Upgrade Everest-Core to version 2025.12.2 or later. If immediate upgrade is not possible, implement stricter access controls and monitor charging sessions.
Is CVE-2026-24003 being actively exploited?
There is currently no indication of active exploitation of CVE-2026-24003.
Where can I find the official Everest-Core advisory for CVE-2026-24003?
Refer to the official Everest-Core documentation and security advisories for the latest information regarding CVE-2026-24003.
Is jouw project getroffen?
Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.