Improper Quotation Vulnerability in Eaton UPS Companion Software Installer
CVE-2025-59888

6.7MEDIUM

Key Information:

Vendor: Eaton
Status: Ups Companion Software
Vendor: CVE Published:; 26 December 2025

What is CVE-2025-59888?

The Eaton UPS Companion software installer has a security flaw stemming from improper quotation in its search paths. This vulnerability could allow an attacker with file system access to execute arbitrary code, potentially compromising the system's security. The issue has been addressed in the latest update available at the Eaton download center.

Affected Version(s)

UPS Companion software 0 < 3.0

References

https://www.eaton.com/content/dam/eaton/company/news-insi...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 26, 2025
Vulnerability Reserved
Sep 23, 2025

JSON