Browse all 7 CVE security advisories affecting Nuvation Energy. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Nuvation Energy develops battery management systems for electric vehicles and energy storage, with 7 CVEs primarily involving remote code execution and cross-site scripting vulnerabilities in their web interfaces. Historically, their products have faced issues with improper access control and privilege escalation, allowing unauthorized users to manipulate system configurations. While no major public security incidents have been documented, the consistent presence of RCE and XSS vulnerabilities in their web components suggests potential attack surfaces that could compromise system integrity if exploited. Their security posture appears typical for industrial IoT devices, balancing functionality with basic security measures.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-64124 | Nuvation Energy Multi-Stack Controller OS Command Injection — Multi-Stack Controller (MSC)CWE-78 | 7.2 | - | 2026-01-03 |
| CVE-2025-64125 | Nuvation Energy nCloud Client-to-Client Communication — nCloud VPN ServiceCWE-441 | 10.0 | - | 2026-01-03 |
| CVE-2025-64123 | Nuvation Energy Multi-Stack Controller Proxy service allows arbitrary BMS access — Multi-Stack Controller (MSC)CWE-441 | 8.6 | - | 2026-01-02 |
| CVE-2025-64122 | Nuvation Energy Multi-Stack Controller Private Key Stored on Device — Multi-Stack Controller (MSC)CWE-522 | 7.5 | - | 2026-01-02 |
| CVE-2025-64121 | Nuvation Energy Multi-Stack Controller Authentication Bypass — Multi-Stack Controller (MSC)CWE-288 | 9.8 | - | 2026-01-02 |
| CVE-2025-64120 | Nuvation Energy Multi-Stack Controller OS Command Injection — Multi-Stack Controller (MSC)CWE-78 | 8.8 | - | 2026-01-02 |
| CVE-2025-64119 | Nuvation Energy BMS Client-side Authentication — Battery Management SystemCWE-603 | 9.8 | - | 2026-01-02 |
This page lists every published CVE security advisory associated with Nuvation Energy. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.