Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-84a7-6bxk-fqh9

Summary EVerest is an EV charging software stack. Prior to version 2025.9.0, once the validity of the received V2G message has been verified, it is checked whether the submitted session ID matches the registered one. However, if no session has been registered, the default value is 0. Therefore, a message submitted with a session ID of 0 is accepted, as it matches the registered value. This could allow unauthorized and anonymous indirect emission of MQTT messages and communication with V2G messages handlers, updating a session context. Version 2025.9.0 fixes the issue.

Aliases

alias	CVE-2025-68140

Fixed_packages

Affected_packages

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-68140

reference_id

reference_type

scores

value	0.00033
scoring_system	epss
scoring_elements	0.10263
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-68140

reference_url

https://github.com/EVerest/everest-core/security/advisories/GHSA-w385-3jwp-x47x

reference_id

GHSA-w385-3jwp-x47x

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-22T15:09:42Z/

url

https://github.com/EVerest/everest-core/security/advisories/GHSA-w385-3jwp-x47x

Weaknesses

cwe_id	863
name	Incorrect Authorization
description	The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

Exploits

Severity_range_score 4.3 - 4.3

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-84a7-6bxk-fqh9

Vulnerability Instance