CVE-2025-59887: CWE-427 Uncontrolled Search Path Element in Eaton UPS Companion Software
Improper authentication of library files in the Eaton UPS Companion software installer could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of EUC, which is available on the Eaton download center.
AI Analysis
Technical Summary
CVE-2025-59887 is classified under CWE-427 (Uncontrolled Search Path Element) and affects Eaton UPS Companion Software. The issue arises from improper authentication and validation of library files during installation: the installer does not securely verify the origin or integrity of the dynamic link libraries (DLLs) or other library files it loads, so an attacker who can place a malicious library in the search path can execute arbitrary code with the privileges of the user running the installer. Exploitation requires local access to the system and user interaction to start the installation, but no prior authentication, so any user with local access can attempt it. Arbitrary code execution can lead to full system compromise, data theft, or disruption of UPS management functions, so confidentiality, integrity, and availability are all affected. Eaton has released a fixed version of the UPS Companion Software that addresses the insecure search path handling by properly authenticating and validating library files during installation. No exploits are known in the wild, but the CVSS score of 8.6 reflects the severity of the potential impact. The vulnerability is particularly concerning for organizations relying on Eaton UPS systems for power management and infrastructure stability, since a compromise could disrupt critical operations. It was publicly disclosed on December 26, 2025, with Eaton as assigner and vendor. Affected versions are not specified but are presumably all releases prior to the patched one. The CVSS vector is local (AV:L) with low attack complexity (AC:L), no privileges required (PR:N), and user interaction required (UI:R). The scope is changed (S:C), meaning exploitation can affect resources beyond the initially vulnerable component, and the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H).
Potential Impact
For European organizations, this vulnerability poses a significant risk to critical infrastructure and industrial environments that depend on Eaton UPS Companion Software for power management and uninterruptible power supply monitoring. Successful exploitation could lead to arbitrary code execution, allowing attackers to disrupt power management systems, cause downtime, or gain persistent footholds within enterprise networks. This could impact data centers, manufacturing plants, hospitals, and other facilities where power continuity is essential. The compromise of UPS management software could also lead to cascading failures in connected systems, affecting operational technology (OT) environments. Given the high confidentiality, integrity, and availability impact, organizations could face operational disruptions, data breaches, and regulatory compliance issues under GDPR if sensitive data is exposed or systems are compromised. The requirement for local access and user interaction limits remote exploitation, but insider threats or attackers with an initial foothold could leverage this vulnerability to escalate privileges and move laterally within networks. The absence of known exploits in the wild provides a window for proactive patching and mitigation before widespread attacks occur.
Mitigation Recommendations
European organizations should immediately verify if they use Eaton UPS Companion Software and identify affected versions. They must update to the latest patched version available from Eaton's official download center to remediate the vulnerability. Until patching is complete, organizations should restrict local access to systems running the software, enforce strict user privilege management to limit installation capabilities, and monitor for suspicious activity related to software installation or DLL loading. Implement application whitelisting and integrity verification mechanisms to detect unauthorized or tampered library files. Conduct user awareness training to prevent inadvertent execution of malicious installers. Network segmentation should be employed to isolate critical UPS management systems from general user environments. Additionally, organizations should audit software deployment processes to ensure secure handling and validation of installation packages. Regular vulnerability scanning and endpoint detection and response (EDR) solutions can help identify attempts to exploit this vulnerability. Finally, maintain an incident response plan tailored to potential UPS system compromises to minimize operational impact.
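As an added illustration of the DLL-load monitoring recommended above (this is example code, not Eaton's software or anything from the advisory), the following Python reviews Sysmon Event ID 7 (ImageLoad) records for the pattern CWE-427 produces: an installer process loading a library that is not validly signed from a user-writable directory. The installer file name, the writable-directory list and all sample events are constructed placeholders, because the advisory does not name the binary.

```python
"""Triage Sysmon Event ID 7 (ImageLoad) records for the CWE-427 pattern:
an installer loading an unsigned or invalid-signature DLL from a directory
an unprivileged local user can write to."""
import ntpath

# Constructed list of user-writable locations on a typical Windows host;
# extend it with your own software-staging paths.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")

# HYPOTHETICAL installer name: the advisory does not name the setup binary.
INSTALLER_IMAGES = ("eaton-ups-companion-setup.exe",)


def is_user_writable(path: str) -> bool:
    """True when the path sits under one of the user-writable prefixes."""
    return path.lower().startswith(USER_WRITABLE_PREFIXES)


def is_suspicious_load(event: dict) -> bool:
    """True when an installer loads a DLL from a user-writable location and
    the library is not signed with a valid signature (a planted library
    would look exactly like this in telemetry)."""
    image = ntpath.basename(event.get("Image", "")).lower()
    if image not in INSTALLER_IMAGES:
        return False
    loaded = event.get("ImageLoaded", "")
    if not loaded.lower().endswith(".dll") or not is_user_writable(loaded):
        return False
    signed = event.get("Signed", "false").lower() == "true"
    status = event.get("SignatureStatus", "").lower()
    return not (signed and status == "valid")


def triage(events):
    """Return the ImageLoaded path of every suspicious event, in order."""
    return [e["ImageLoaded"] for e in events if is_suspicious_load(e)]


# Constructed sample events (not real telemetry), reduced to the fields used.
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\alice\Downloads\eaton-ups-companion-setup.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "Signed": "true", "SignatureStatus": "Valid"},           # system DLL: fine
    {"Image": r"C:\Users\alice\Downloads\eaton-ups-companion-setup.exe",
     "ImageLoaded": r"C:\Users\alice\Downloads\planted-example.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},     # flagged
    {"Image": r"C:\Users\alice\Downloads\eaton-ups-companion-setup.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\helper.dll",
     "Signed": "true", "SignatureStatus": "Valid"},           # signed extract: fine
    {"Image": r"C:\Windows\explorer.exe",
     "ImageLoaded": r"C:\Users\alice\Downloads\planted-example.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},     # not the installer
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print("suspicious library load:", hit)
```

A signed DLL extracted to Temp by the installer is deliberately not flagged, since that is normal installer behaviour; tighten the signature check to a publisher allow-list if your environment permits.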
Affected Countries
Germany, France, United Kingdom, Italy, Netherlands, Spain, Poland
Technical Details
- Data Version: 5.2
- Assigner Short Name: Eaton
- Date Reserved: 2025-09-23T08:34:05.389Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 694e3453f3b146189c0afb85
Added to database: 12/26/2025, 7:08:03 AM
Last enriched: 12/26/2025, 7:23:06 AM
Last updated: 12/26/2025, 9:10:10 AM
Related Threats
- CVE-2025-59888: CWE-428 Unquoted Search Path or Element in Eaton UPS Companion software (Medium)
- CVE-2025-67450: CWE-427 Uncontrolled Search Path Element in Eaton UPS Companion software (High)
- CVE-2025-62578: CWE-319 Cleartext Transmission of Sensitive Information in Delta Electronics DVP-12SE (High)
- CVE-2025-8075: CWE-20 Improper Input Validation in Hanwha Vision Co., Ltd. QNV-C8012 (Medium)
- CVE-2025-52601: CWE-321 Use of Hard-coded Cryptographic Key in Hanwha Vision Co., Ltd. Device Manager (Medium)