CVE-2025-59887
Improper Authentication in Eaton UPS Installer Enables Code Execution
Publication date: 2025-12-26
Last updated on: 2026-02-18
Assigner: Eaton
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| eaton | ups_companion | up to 3.0 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-427 | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves improper authentication of library files in the Eaton UPS Companion software installer. An attacker who has access to the software package could exploit this flaw to execute arbitrary code on the system during installation.
How can this vulnerability impact me?
The vulnerability can lead to arbitrary code execution by an attacker, potentially allowing them to take control of the affected system, compromise data integrity, confidentiality, and availability, and cause significant damage or disruption.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update the Eaton UPS Companion software to the latest version available on the Eaton download center, as the issue has been fixed in that release.