Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

nuvationenergy

Source -

NVD

BOS Name -

N/A

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

5
Related CVEsRelated ProductsRelated AssignersReports
5Vulnerabilities found
CVE-2025-64124
Assigner-Dragos, Inc.
ShareView Details
Assigner-Dragos, Inc.
CVSS Score-8.7||HIGH
EPSS-0.25% / 48.22%
||
7 Day CHG-0.31%
Published-03 Jan, 2026 | 00:28
Updated-26 Feb, 2026 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nuvation Energy Multi-Stack Controller OS Command Injection

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows OS Command Injection.This issue affects Multi-Stack Controller (MSC): before 2.5.1.

Action-Not Available
Vendor-nuvationenergyNuvation Energy
Product-nuvmsc3-16s-cnuvmsc3-12s-cnuvmsc3-08s-cnuvmsc3-04s-cnplatformMulti-Stack Controller (MSC)
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-64123
Assigner-Dragos, Inc.
ShareView Details
Assigner-Dragos, Inc.
CVSS Score-7.9||HIGH
EPSS-0.06% / 18.48%
||
7 Day CHG~0.00%
Published-02 Jan, 2026 | 21:41
Updated-26 Feb, 2026 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nuvation Energy Multi-Stack Controller Proxy service allows arbitrary BMS access

Unintended Proxy or Intermediary vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Network Boundary Bridging.This issue affects Multi-Stack Controller (MSC): through and including release 2.5.1.

Action-Not Available
Vendor-nuvationenergyNuvation Energy
Product-nuvmsc3-16s-cnuvmsc3-12s-cnuvmsc3-08s-cnuvmsc3-04s-cnplatformMulti-Stack Controller (MSC)
CWE ID-CWE-441
Unintended Proxy or Intermediary ('Confused Deputy')
CVE-2025-64122
Assigner-Dragos, Inc.
ShareView Details
Assigner-Dragos, Inc.
CVSS Score-7.2||HIGH
EPSS-0.01% / 3.10%
||
7 Day CHG-0.01%
Published-02 Jan, 2026 | 21:39
Updated-26 Feb, 2026 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nuvation Energy Multi-Stack Controller Private Key Stored on Device

Insufficiently Protected Credentials vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Signature Spoofing by Key Theft.This issue affects Multi-Stack Controller (MSC): through 2.5.1.

Action-Not Available
Vendor-nuvationenergyNuvation Energy
Product-nuvmsc3-16s-cnuvmsc3-12s-cnuvmsc3-08s-cnuvmsc3-04s-cnplatformMulti-Stack Controller (MSC)
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2025-64121
Assigner-Dragos, Inc.
ShareView Details
Assigner-Dragos, Inc.
CVSS Score-10||CRITICAL
EPSS-0.08% / 23.52%
||
7 Day CHG~0.00%
Published-02 Jan, 2026 | 21:35
Updated-26 Feb, 2026 | 19:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nuvation Energy Multi-Stack Controller Authentication Bypass

Authentication Bypass Using an Alternate Path or Channel vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Authentication Bypass.This issue affects Multi-Stack Controller (MSC): from 2.3.8 before 2.5.1.

Action-Not Available
Vendor-nuvationenergyNuvation Energy
Product-nuvmsc3-16s-cnuvmsc3-12s-cnuvmsc3-08s-cnuvmsc3-04s-cnplatformMulti-Stack Controller (MSC)
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2025-64120
Assigner-Dragos, Inc.
ShareView Details
Assigner-Dragos, Inc.
CVSS Score-9.4||CRITICAL
EPSS-0.25% / 48.22%
||
7 Day CHG-0.51%
Published-02 Jan, 2026 | 21:33
Updated-26 Feb, 2026 | 19:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nuvation Energy Multi-Stack Controller OS Command Injection

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows OS Command Injection.This issue affects Multi-Stack Controller (MSC): from 2.3.8 before 2.5.1.

Action-Not Available
Vendor-nuvationenergyNuvation Energy
Product-nuvmsc3-16s-cnuvmsc3-12s-cnuvmsc3-08s-cnuvmsc3-04s-cnplatformMulti-Stack Controller (MSC)
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')