Nplatform
CVE-2025-64120
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows OS Command Injection.This issue affects Multi-Stack Controller (MSC): from 2.3.8 before 2.5.1.
AnalysisAI
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows OS Command Injection.This issue affects Multi-Stack Controller (MSC): from 2.3.8 before 2.5.1. [CVSS 8.8 HIGH]
Technical ContextAI
Classified as CWE-78 (OS Command Injection). Affects Nplatform. Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows OS Command Injection.This issue affects Multi-Stack Controller (MSC): from 2.3.8 before 2.5.1.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Nuvation Energy Multi-Stack Controller (MSC) for battery storage systems allows authentication bypass through an alterna
Nuvation Energy MSC through 2.5.1 can be used as an unintended network proxy to bridge security boundaries. An attacker
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Nuvation Ene
Insufficiently Protected Credentials vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Signature Spoo
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today