CVE-2025-59886 HIGH

CVE-2025-59886

Vendor Eaton
Product Eaton xComfort ECI
Weakness CWE-20 · Input validation
Published December 23, 2025
Last update December 23, 2025

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Improper input validation at one of the endpoints of Eaton xComfort ECI's web interface, could lead into an attacker with network access to the device executing privileged user commands. As cybersecurity standards continue to evolve and to meet our requirements today, Eaton has decided to discontinue the product. Upon retirement or end of support, there will be no new security updates, non-security updates, or paid assisted support options, or online technical content updates.

Key dates

02Disclosure timeline

December 23, 2025 CVE published
December 23, 2025 Record updated