CVE-2025-64120 – Nuvation Energy Multi-Stack Controller OS Command Injection

CVE ID : CVE-2025-64120

Published : Jan. 2, 2026, 9:33 p.m. | 52 minutes ago

Description : Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows OS Command Injection.This issue affects Multi-Stack Controller (MSC): from 2.3.8 before 2.5.1.

Severity: 9.4 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2025-64123 – Nuvation Energy nCloud Client-to-Client Communication

CVE-2025-64122 – Nuvation Energy Multi-Stack Controller Private Key Stored on Device

CVE-2025-64121 – Nuvation Energy Multi-Stack Controller Authentication Bypass

CVE-2025-64119 – Nuvation Energy BMS Client-side Authentication