SB2026011619 - Multiple vulnerabilities in EATON UPS Companion

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Insecure DLL loading (CVE-ID: CVE-2025-59887)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to improper authentication of library files. A remote attacker can place a specially crafted .dll file and execute arbitrary code with elevated privileges on the target system.

2) Unquoted Search Path or Element (CVE-ID: CVE-2025-59888)

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to unquoted search path or element. A local administrator can execute arbitrary code on the target system.

Remediation

Install update from vendor's website.

References

• https://jvn.jp/en/jp/JVN48187396/index.html
• https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1026.pdf