CVE-2025-64121

Nuvation Energy Multi-Stack Controller Authentication Bypass

Description

Authentication Bypass Using an Alternate Path or Channel vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Authentication Bypass.This issue affects Multi-Stack Controller (MSC): from 2.3.8 before 2.5.1.

INFO

Published Date :

2026-01-02T21:35:53.593Z

Last Modified :

2026-01-05T20:37:31.516Z

Source :

Dragos

AFFECTED PRODUCTS

The following products are affected by CVE-2025-64121 vulnerability.

Vendors	Products
Nuvation Energy	Multi-stack Controller
Nuvationenergy	Nplatform Nuvmsc3-04s-c Nuvmsc3-08s-c Nuvmsc3-12s-c Nuvmsc3-16s-c

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-64121.

URL	Resource
https://www.dragos.com/community/advisories/CVE-2025-64119

CVSS Vulnerability Scoring System

V4
V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact