CVE-2025-59886HIGH 8.8EPSS p19.4%

CVE-2025-59886CVE-2025-59886

Description

Improper input validation at one of the endpoints of Eaton xComfort ECI's web interface, could lead into an attacker with network access to the device executing privileged user commands. As cybersecurity standards continue to evolve and to meet our requirements today, Eaton has decided to discontinue the product. Upon retirement or end of support, there will be no new security updates, non-security updates, or paid assisted support options, or online technical content updates.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS0.28% probability of exploitation · percentile 19.4% · 2026-06-18T12:00:27Z
Published2025-12-23
Last modified2026-02-18

Underlying weaknesses· 1

CWE-20

References

  1. https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1022.pdf

1

TypeTargetConfidenceTier
WeaknessImproper Input Validationcwe-200%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-59889
CVE
CVE-2025-59887
CVE
CVE-2025-40836
CVE
CVE-2026-25105
CVE
CVE-2025-53471
CVE
CVE-2026-25109
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.