cbcvebase.

Nuvation Energy Multi-Stack Controller vulnerabilities

5 known vulnerabilities affecting nuvation_energy/multi-stack_controller.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH2MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2025-64121P2CRITICALCVSS 9.8≥ 2.3.8, < 2.5.12026-01-02
CVE-2025-64121 [CRITICAL] CWE-288 CVE-2025-64121: Authentication Bypass Using an Alternate Path or Channel vulnerability in Nuvation Energy Multi-Stac Authentication Bypass Using an Alternate Path or Channel vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Authentication Bypass.This issue affects Multi-Stack Controller (MSC): from 2.3.8 before 2.5.1.
nvd
CVE-2025-64124P2HIGHCVSS 8.8fixed in 2.5.12026-01-03
CVE-2025-64124 [HIGH] CWE-78 CVE-2025-64124: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerabi Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows OS Command Injection.This issue affects Multi-Stack Controller (MSC): before 2.5.1.
nvd
CVE-2025-64120P2HIGHCVSS 8.8≥ 2.3.8, < 2.5.12026-01-02
CVE-2025-64120 [HIGH] CWE-78 CVE-2025-64120: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerabi Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows OS Command Injection.This issue affects Multi-Stack Controller (MSC): from 2.3.8 before 2.5.1.
nvd
CVE-2025-64123P3CRITICALCVSS 9.8≤ 2.5.12026-01-02
CVE-2025-64123 [CRITICAL] CWE-441 CVE-2025-64123: Unintended Proxy or Intermediary vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allow Unintended Proxy or Intermediary vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Network Boundary Bridging.This issue affects Multi-Stack Controller (MSC): through and including release 2.5.1.
nvd
CVE-2025-64122P4MEDIUMCVSS 5.5≤ 2.5.12026-01-02
CVE-2025-64122 [MEDIUM] CWE-522 CVE-2025-64122: Insufficiently Protected Credentials vulnerability in Nuvation Energy Multi-Stack Controller (MSC) a Insufficiently Protected Credentials vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Signature Spoofing by Key Theft.This issue affects Multi-Stack Controller (MSC): through 2.5.1.
nvd