CVE-2025-59886

{"id": "CVE-2025-59886", "cveTags": [{"tags": ["unsupported-when-assigned"], "sourceIdentifier": "CybersecurityCOE@eaton.com"}], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "CybersecurityCOE@eaton.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2025-12-23T12:15:45.170", "references": [{"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1022.pdf", "tags": ["Vendor Advisory"], "source": "CybersecurityCOE@eaton.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "CybersecurityCOE@eaton.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Improper input validation at one of the endpoints of Eaton xComfort ECI's \n\nweb interface, could lead into an attacker with network access to the device executing privileged user commands.\u00a0As cybersecurity\nstandards continue to evolve and to meet our requirements today, Eaton has decided to discontinue the\nproduct. Upon retirement or end of support, there will be no new security updates, non-security\nupdates, or paid assisted support options, or online technical content updates."}], "lastModified": "2026-02-18T14:39:24.770", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eaton:xcomfort_ethernet_communication_interface:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0285649-DF6F-4C26-9BAB-3023CCABF5D9"}], "operator": "OR"}]}], "sourceIdentifier": "CybersecurityCOE@eaton.com"}