PT-2026-1135 · Nuvation Energy · Multi-Stack Controller
Published
2025-01-13
·
Updated
2026-01-03
·
CVE-2025-64120
CVSS v4.0
9.4
Critical
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:Y/R:I |
Name of the Vulnerable Software and Affected Versions
Nuvation Energy Multi-Stack Controller versions 2.3.8 through 2.5.0
Description
A flaw exists in Nuvation Energy Multi-Stack Controller that allows for OS Command Injection. This issue could allow an attacker to execute arbitrary commands on the system. The vulnerability grants shell access with minimal authentication, which is particularly critical for energy storage systems.
Recommendations
Update to a version later than 2.5.0.
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Multi-Stack Controller