CVE-2025-64119

CVSS v4.0

9.3

Critical

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:P/AU:Y

Name of the Vulnerable Software and Affected Versions Nuvation Battery Management System versions through 2.3.9

Description A flaw exists in the Nuvation Battery Management System that permits authentication bypass. This allows unauthorized access to critical battery management functions via the network.

Recommendations Versions prior to 2.3.9 should be updated.

Fix

Insufficiently Protected Credentials

OS Command Injection

Authentication Bypass Using an Alternate Path or Channel

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-441CWE-522CWE-603CWE-78CWE-288

Related Identifiers

BDU:2026-00777

BDU:2026-00778

BDU:2026-00779

BDU:2026-00780

BDU:2026-00781

CVE-2025-64119

Affected Products

Nuvation Battery Management System

CVE-2025-64119

Weakness Enumeration

Related Identifiers

Affected Products

References · 14