CVE-2025-59887 HIGH

CVE-2025-59887

Vendor Eaton
Product Eaton UPS Companion Software
Weakness CWE-427
Published December 26, 2025
Last update December 26, 2025

CVSS base score

8.6/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Improper authentication of library files in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to the software package. This security issue has been fixed in the latest version of EUC which is available on the Eaton download center.

Key dates

02Disclosure timeline

December 26, 2025 CVE published
December 26, 2025 Record updated