CVE-2025-59888

MEDIUM EPSS 9.1%

Published Dec 26, 20256mo ago · Modified Jun 17, 20261w ago

6.7 CVSS 3.1

Medium

Published Dec 26, 2025 6mo ago

Last Modified Jun 17, 2026 1w ago

Description

Improper quotation in search paths in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to the file system. This security issue has been fixed in the latest version of EUC which is available on the Eaton download center.

CVSS Details

Base Score

6.7

Exploitability

0.8

Impact

5.3

Vector string

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H

Attack Vector Local

Attack Complexity High

Privileges Required High

User Interaction None

Scope Changed

Confidentiality Low

Integrity Low

Availability High

Threat Intelligence

EPSS Exploit Probability

9.1% percentile

Exploit & Patch Status

No Known Exploit

Patch Available

Weaknesses 1

CWE-428

Affected Products 1

Vendor	Product	Version	Range
eaton	ups_companion	*	<3.0

References 1

eaton.com https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1026.pdf

PatchVendor Advisory

Remediation

eaton.com https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1026.pdf

PatchVendor Advisory