Aggregates CVE and security vulnerability intelligence across all nuvationenergy-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk ssrf and vendor risk command injection and related security problems, affecting vendor surface production workloads and vendor surface software deployment scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-64124 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows OS Command Injection.This issue affects Multi-Stack Controller (MSC): before 2.5.1. | [email protected] | 8.7 | 0.90% | 2026-01-02 | 2026-06-17 |
| CVE-2025-64123 | Unintended Proxy or Intermediary vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Network Boundary Bridging.This issue affects Multi-Stack Controller (MSC): through and including release 2.5.1. | [email protected] | 7.9 | 0.27% | 2026-01-02 | 2026-06-17 |
| CVE-2025-64122 | Insufficiently Protected Credentials vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Signature Spoofing by Key Theft.This issue affects Multi-Stack Controller (MSC): through 2.5.1. | [email protected] | 7.2 | 0.08% | 2026-01-02 | 2026-06-17 |
| CVE-2025-64121 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Authentication Bypass.This issue affects Multi-Stack Controller (MSC): from 2.3.8 before 2.5.1. | [email protected] | 10.0 | 0.35% | 2026-01-02 | 2026-06-17 |
| CVE-2025-64120 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows OS Command Injection.This issue affects Multi-Stack Controller (MSC): from 2.3.8 before 2.5.1. | [email protected] | 9.4 | 0.90% | 2026-01-02 | 2026-06-17 |