CVE-2025-64119— Nuvation Energy BMS Client-side Authentication
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-64119
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nuvation Energy BMS Client-side Authentication
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in Nuvation Battery Management System allows Authentication Bypass.This issue affects Battery Management System: through 2.3.9.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用客户端的认证机制
Source: NVD (National Vulnerability Database)
Vulnerability Title
Nuvation Energy Battery Management System 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Nuvation Energy Battery Management System是美国Nuvation Energy公司的一个电池管理系统。 Nuvation Energy Battery Management System 2.3.9及之前版本存在安全漏洞,该漏洞源于允许身份验证绕过。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Nuvation Energy | Battery Management System | 0 ~ 2.3.9 | - |
II. Public POCs for CVE-2025-64119
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-64119
请登录查看更多情报信息。
Same Patch Batch · Nuvation Energy · 2026-01-02 · 5 CVEs total
| CVE-2025-64123 | Nuvation Energy Multi-Stack Controller Proxy service allows arbitrary BMS access | |
| CVE-2025-64122 | Nuvation Energy Multi-Stack Controller Private Key Stored on Device | |
| CVE-2025-64120 | Nuvation Energy Multi-Stack Controller OS Command Injection | |
| CVE-2025-64121 | Nuvation Energy Multi-Stack Controller Authentication Bypass |
IV. Related Vulnerabilities
Same vendor: Nuvation Energy
- CVE-2025-64124
Nuvation Energy Multi-Stack Controller OS Command Injection - CVE-2025-64125
Nuvation Energy nCloud Client-to-Client Communication - CVE-2025-64123
Nuvation Energy Multi-Stack Controller Proxy service allows - CVE-2025-64122
Nuvation Energy Multi-Stack Controller Private Key Stored on - CVE-2025-64121
Nuvation Energy Multi-Stack Controller Authentication Bypass
Same weakness: CWE-603
- CVE-2026-40551
Use of Client-Side Authentication in mpGabinet - CVE-2025-30042
Session generation possible with certificate number only - CVE-2026-1363
JNC|IAQS and I6 - Client-Side Enforcement of Server-Side Sec - CVE-2025-61940
Mirion Medical EC2 Software NMIS BioDose Use of Client-Side - CVE-2025-12868
CyberTutor|New Site Server - Use of Client-Side Authenticati
V. Comments for CVE-2025-64119
No comments yet