CVE-2025-67450

HIGH EPSS 3.3%

Published Dec 26, 20256mo ago · Modified Jun 17, 20261w ago

7.8 CVSS 3.1

High

Published Dec 26, 2025 6mo ago

Last Modified Jun 17, 2026 1w ago

Description

Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package could perform arbitrary code execution . This security issue has been fixed in the latest version of EUC which is available on the Eaton download center.

CVSS Details

Base Score

7.8

Exploitability

1.1

Impact

6.0

Vector string

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector Local

Attack Complexity High

Privileges Required Low

User Interaction None

Scope Changed

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

3.3% percentile

Exploit & Patch Status

No Known Exploit

Patch Available

Weaknesses 1

CWE-427

Affected Products 1

Vendor	Product	Version	Range
eaton	ups_companion	*	<3.0

References 1

eaton.com https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1027.pdf

PatchVendor Advisory

Remediation

eaton.com https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1027.pdf

PatchVendor Advisory