CVE-2025-64123

Unknown Unknown - Not Provided

Network Boundary Bridging Vulnerability in Nuvation nCloud VPN

Publication date: 2026-01-02

Last updated on: 2026-02-26

Assigner: Dragos, Inc.

Description

A vulnerability in Nuvation Energy nCloud VPN Service allowed Network Boundary Bridging.This issue affected the nCloud VPN Service and was fixed on 2025-12-1 (December, 2025). End users do not have to take any action to mitigate the issue.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-01-02

Last Modified

2026-02-26

Generated

2026-06-16

AI Q&A

2026-01-03

EPSS Evaluated

2026-06-15

NVD

CVE-2025-64123

Affected Vendors & Products

Vendor	Product	Version / Range
nuvationenergy	nplatform	to 2.5.1 (inc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-441	The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the product's control sphere. This causes the product to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor.

CWE ID

Description

CWE-441

The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the product's control sphere. This causes the product to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor.

Attack-Flow Graph

Executive Summary

This vulnerability in the Nuvation Energy nCloud VPN Service allowed Network Boundary Bridging, which means it could enable unauthorized crossing of network boundaries through the VPN service. It was fixed on December 1, 2025, and end users do not need to take any action to mitigate it.

Impact Analysis

The vulnerability could allow an attacker to bridge network boundaries improperly, potentially leading to unauthorized access or exposure of network segments that should be isolated. This can compromise network security and confidentiality.

Mitigation Strategies

End users do not have to take any action to mitigate the issue.

Hi! I’m here to help you understand CVE-2025-64123. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

CVE-2025-64123

Network Boundary Bridging Vulnerability in Nuvation nCloud VPN

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Quick Actions

Chat Assistant

EPSS Chart