HIGH🇬🇧 English

CVE-2025-67450

CVSS 7.8v3.1pub. 2025-12-26upd. 2026-02-18

Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package could perform arbitrary code execution . This security issue has been fixed in the latest version of EUC which is available on the Eaton download center.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Eaton Ups Companion

    APP
    Eaton
    < 3.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2025-59887HIGH8.6ten sam produkt

Improper authentication of library files in the Eaton UPS Companion software installer could lead to arbitrary...

CVE-2020-6650HIGH8.3ten sam produkt

UPS companion software v1.05 & Prior is affected by ‘Eval Injection’ vulnerability. The software does not neut...

CVE-2025-59888MEDIUM6.7ten sam produkt

Improper quotation in search paths in the Eaton UPS Companion software installer could lead to arbitrary code ...

CVE-2021-23281CRITICAL10.0ten sam vendor

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vul...

CVE-2018-16158CRITICAL9.8ten sam vendor

Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across dif...