CVE-2025-59887

HIGH EPSS 17.9%

Published Dec 26, 20256mo ago · Modified Jun 17, 20261w ago

8.6 CVSS 3.1

High

Published Dec 26, 2025 6mo ago

Last Modified Jun 17, 2026 1w ago

Description

Improper authentication of library files in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to the software package. This security issue has been fixed in the latest version of EUC which is available on the Eaton download center.

CVSS Details

Base Score

8.6

Exploitability

1.8

Impact

6.0

Vector string

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Attack Vector Local

Attack Complexity Low

Privileges Required None

User Interaction Required

Scope Changed

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

17.9% percentile

Exploit & Patch Status

No Known Exploit

Patch Available

Weaknesses 1

CWE-427

Affected Products 1

Vendor	Product	Version	Range
eaton	ups_companion	*	<3.0

References 1

eaton.com https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1026.pdf

PatchVendor Advisory

Remediation

eaton.com https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1026.pdf

PatchVendor Advisory