Primary

Context

Nuvation Battery Management System Authentication Bypass Vulnerability

Vulnerability

An authentication bypass vulnerability has been identified in Nuvation Battery Management System (BMS) versions through 2.3.9. This vulnerability allows unauthorized access by bypassing authentication mechanisms.

Impact

Exploitation of this vulnerability allows for client-side authentication bypass, enabling unauthorized users to gain access to the system or its functionalities.

Remediation

End users are advised to update their Battery Management System to version 2.5.1. Consult Nuvation's documentation for guidance on enabling authentication and setting a strong password. Security-conscious users may also wish to restrict access to the nCloud service if it is not needed for their operations.

Added: Jan 2, 2026, 10:19 PM

Updated: Jan 2, 2026, 10:19 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

0.0

relevance

1.8

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

0.0

relevance

1.8

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Nuvation Battery Management System Authentication Bypass Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating