MEDIUM🇬🇧 English

CVE-2025-59888

CVSS 6.7v3.1pub. 2025-12-26upd. 2026-02-18

Improper quotation in search paths in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to the file system. This security issue has been fixed in the latest version of EUC which is available on the Eaton download center.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H
  • Eaton Ups Companion

    APP
    Eaton
    < 3.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2025-59887HIGH8.6ten sam produkt

Improper authentication of library files in the Eaton UPS Companion software installer could lead to arbitrary...

CVE-2025-67450HIGH7.8ten sam produkt

Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the...

CVE-2020-6650HIGH8.3ten sam produkt

UPS companion software v1.05 & Prior is affected by ‘Eval Injection’ vulnerability. The software does not neut...

CVE-2021-23281CRITICAL10.0ten sam vendor

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vul...

CVE-2018-16158CRITICAL9.8ten sam vendor

Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across dif...