CVE-2025-59888
MEDIUMDescription
Improper quotation in search paths in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to the file system. This security issue has been fixed in the latest version of EUC which is available on the Eaton download center.
Is your site exposed to CVE-2025-59888?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| eaton | ups_companion |
References
Frequently Asked Questions
What is CVE-2025-59888? +
How severe is CVE-2025-59888? +
What products are affected by CVE-2025-59888? +
How do I check if I'm vulnerable to CVE-2025-59888? +
Related Vulnerabilities
The RupsMon and USBMate services in UPSilon 2000 run with SYSTEM privileges and contain unquoted service paths. This allows a …
The CMService.exe service runs with SYSTEM privileges and contains an unquoted service path. This allows a local attacker with write …
The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value vulnerability. This allows a local attacker …
An Unquoted Search Path vulnerability has been identified in the utility for Moxa’s industrial computers (Windows). Due to the unquoted …
The service executable path in Seagate Toolkit on Versions prior to 2.34.0.33 on Windows allows an attacker with Admin privileges …
Flexsense DiskBoss 11.7.28 allows unauthenticated attackers to elevate their privileges using any of its services, enabling remote code execution during …