CVE-2025-64125— Nuvation Energy nCloud Client-to-Client Communication
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-64125
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nuvation Energy nCloud Client-to-Client Communication
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in Nuvation Energy nCloud VPN Service allowed Network Boundary Bridging.This issue affected the nCloud VPN Service and was fixed on 2025-12-1 (December, 2025). End users do not have to take any action to mitigate the issue.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
未有动机的代理或中间人(混淆代理)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Nuvation Energy nCloud VPN 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Nuvation Energy nCloud VPN是美国Nuvation Energy公司的一个安全远程连接服务。 Nuvation Energy nCloud VPN存在安全漏洞,该漏洞源于存在网络边界桥接。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Nuvation Energy | nCloud VPN Service | 2025-12-1 | - |
II. Public POCs for CVE-2025-64125
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-64125
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same vendor: Nuvation Energy
- CVE-2025-64124
Nuvation Energy Multi-Stack Controller OS Command Injection - CVE-2025-64123
Nuvation Energy Multi-Stack Controller Proxy service allows - CVE-2025-64122
Nuvation Energy Multi-Stack Controller Private Key Stored on - CVE-2025-64121
Nuvation Energy Multi-Stack Controller Authentication Bypass - CVE-2025-64120
Nuvation Energy Multi-Stack Controller OS Command Injection
Same weakness: CWE-441
- CVE-2026-45182
GrapheneOS 20260504前IP泄露漏洞 - CVE-2026-41365
OpenClaw < 2026.3.31 - Sender Allowlist Bypass via Graph API - CVE-2026-6993
go-kratos http.DefaultServeMux Fallback server.go NewServer - CVE-2026-39906
Unisys WebPerfect Image Suite 3.0 NTLMv2 Hash Leakage via .N - CVE-2025-62718
Axios has a NO_PROXY Hostname Normalization Bypass that Lead
V. Comments for CVE-2025-64125
No comments yet