Nplatform
CVE-2025-64123
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Unintended Proxy or Intermediary vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Network Boundary Bridging.This issue affects Multi-Stack Controller (MSC): through and including release 2.5.1.
AnalysisAI
Nuvation Energy MSC through 2.5.1 can be used as an unintended network proxy to bridge security boundaries. An attacker can leverage the controller to access networks that should be isolated, turning the battery controller into a pivot point.
Technical ContextAI
The Multi-Stack Controller contains an unintended proxy/intermediary vulnerability (CWE-441) that allows network traffic to be forwarded through the device. In energy infrastructure where IT and OT networks are supposed to be segmented, this effectively bridges the air gap.
RemediationAI
Implement additional network segmentation that does not rely on the MSC as a boundary. Add firewall rules blocking unexpected traffic patterns from the MSC. Monitor MSC network traffic for anomalous connections.
Nuvation Energy Multi-Stack Controller (MSC) for battery storage systems allows authentication bypass through an alterna
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Nuvation Ene
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Nuvation Ene
Insufficiently Protected Credentials vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Signature Spoo
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today