CVE-2025-64122 HIGH

CVE-2025-64122: Nuvation Energy Multi-Stack Controller Private Key Stored on Device

Vendor Nuvation Energy
Product Multi-Stack Controller (MSC)
Weakness CWE-522 · Insufficiently protected credentials
Published January 2, 2026
Last update January 5, 2026

CVSS base score

7.2/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H

What the vulnerability does

01Description

Insufficiently Protected Credentials vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Signature Spoofing by Key Theft.This issue affects Multi-Stack Controller (MSC): through 2.5.1.

Key dates

02Disclosure timeline

January 2, 2026 CVE published
January 5, 2026 Record updated