Arbitrary Code Execution Vulnerability in Eaton UPS Companion Software
CVE-2025-67450

7.8HIGH

Key Information:

Vendor: Eaton
Status: Ups Companion Software
Vendor: CVE Published:; 26 December 2025

What is CVE-2025-67450?

The Eaton UPS Companion software suffers from an arbitrary code execution vulnerability due to insecure library loading. This vulnerability allows an attacker who gains access to the software package to execute arbitrary code, which may compromise system integrity and availability. Eaton has addressed this issue in the latest version of the software, available for download from their site. Users are encouraged to update promptly to mitigate potential risks.

Affected Version(s)

UPS Companion software 0 < 3.0

References

https://www.eaton.com/content/dam/eaton/company/news-insi...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 26, 2025
Vulnerability Reserved
Dec 8, 2025

JSON