{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-67450", "assignerOrgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759", "state": "PUBLISHED", "assignerShortName": "Eaton", "dateReserved": "2025-12-08T12:25:10.744Z", "datePublished": "2025-12-26T06:59:41.375Z", "dateUpdated": "2025-12-26T14:55:51.712Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "UPS Companion software", "vendor": "Eaton", "versions": [{"lessThan": "3.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2025-12-26T06:54:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Due to insecure library loading in the Eaton UPS Companion software executable,&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">an attacker with access to the software package</span>\n\n could perform arbitrary code execution .&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">This security issue has been fixed in the latest version of EUC which is available on the Eaton download center.</span>"}], "value": "Due to insecure library loading in the Eaton UPS Companion software executable,\u00a0an attacker with access to the software package\n\n could perform arbitrary code execution .\u00a0This security issue has been fixed in the latest version of EUC which is available on the Eaton download center."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759", "shortName": "Eaton", "dateUpdated": "2025-12-26T06:59:41.375Z"}, "references": [{"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1027.pdf"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-26T14:55:41.664201Z", "id": "CVE-2025-67450", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-26T14:55:51.712Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-67450", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-26T14:55:41.664201Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-26T14:55:48.532Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Eaton", "product": "UPS Companion software", "versions": [{"status": "affected", "version": "0", "lessThan": "3.0", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2025-12-26T06:54:00.000Z", "references": [{"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1027.pdf"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Due to insecure library loading in the Eaton UPS Companion software executable,\u00a0an attacker with access to the software package\n\n could perform arbitrary code execution .\u00a0This security issue has been fixed in the latest version of EUC which is available on the Eaton download center.", "supportingMedia": [{"type": "text/html", "value": "Due to insecure library loading in the Eaton UPS Companion software executable,&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">an attacker with access to the software package</span>\n\n could perform arbitrary code execution .&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">This security issue has been fixed in the latest version of EUC which is available on the Eaton download center.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element"}]}], "providerMetadata": {"orgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759", "shortName": "Eaton", "dateUpdated": "2025-12-26T06:59:41.375Z"}}}, "cveMetadata": {"cveId": "CVE-2025-67450", "state": "PUBLISHED", "dateUpdated": "2025-12-26T14:55:51.712Z", "dateReserved": "2025-12-08T12:25:10.744Z", "assignerOrgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759", "datePublished": "2025-12-26T06:59:41.375Z", "assignerShortName": "Eaton"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eaton:ups_companion:*:*:*:*:*:*:*:*", "matchCriteriaId": "7BC00703-4C6B-4A5B-AC24-01DE7F519FCB", "versionEndExcluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Due to insecure library loading in the Eaton UPS Companion software executable,\u00a0an attacker with access to the software package\n\n could perform arbitrary code execution .\u00a0This security issue has been fixed in the latest version of EUC which is available on the Eaton download center."}], "id": "CVE-2025-67450", "lastModified": "2026-02-18T14:38:52.450", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.1, "impactScore": 6.0, "source": "CybersecurityCOE@eaton.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.1, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-12-26T07:15:45.850", "references": [{"source": "CybersecurityCOE@eaton.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1027.pdf"}], "sourceIdentifier": "CybersecurityCOE@eaton.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "CybersecurityCOE@eaton.com", "type": "Secondary"}]}

{}

{"created": "2025-12-29T23:04:13.725249+00:00", "updated": "2025-12-29T23:04:13.725288+00:00", "vendors": ["eaton", "eaton$PRODUCT$ups_companion"]}