CVE-2025-59398

Summary

The OCPP implementation in libocpp before 0.26.2 allows a denial of service (EVerest crash) via JSON input larger than 255 characters, because a CiString<255> object is created with StringTooLarge set to Throw.

Affected Software

VendorProductVersion RangeStatus
EVerestlibocpp0 < 0.26.2affected

Weaknesses

  • CWE-392: CWE-392 Missing Report of Error Condition

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References