Nplatform
CVE-2025-64122
MEDIUM
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
2DescriptionCVE.org
Insufficiently Protected Credentials vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Signature Spoofing by Key Theft.This issue affects Multi-Stack Controller (MSC): through 2.5.1.
AnalysisAI
Insufficiently Protected Credentials vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Signature Spoofing by Key Theft.This issue affects Multi-Stack Controller (MSC): through 2.5.1. [CVSS 5.5 MEDIUM]
Technical ContextAI
Classified as CWE-522 (Insufficiently Protected Credentials). Affects Nplatform. Insufficiently Protected Credentials vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Signature Spoofing by Key Theft.This issue affects Multi-Stack Controller (MSC): through 2.5.1.
RemediationAI
Monitor vendor advisories for a patch.
Nuvation Energy Multi-Stack Controller (MSC) for battery storage systems allows authentication bypass through an alterna
Nuvation Energy MSC through 2.5.1 can be used as an unintended network proxy to bridge security boundaries. An attacker
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Nuvation Ene
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Nuvation Ene
Same weakness CWE-522 – Insufficiently Protected Credentials
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today