CVE-2025-59890: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Eaton Galileo Software
Improper input sanitization in the file archive upload functionality of Eaton Galileo software allows path traversal, which could allow an attacker with local access to execute unauthorized code or commands. This issue has been fixed in the latest version of Galileo, which is available from the Eaton download center.
AI Analysis
Technical Summary
CVE-2025-59890 is a path traversal vulnerability (CWE-22) in the file archive upload functionality of Eaton Galileo software. Because the entry paths contained in an uploaded archive are not properly sanitized, an attacker with local access and high privileges can craft paths that traverse outside the directory the upload is meant to be confined to, which can lead to unauthorized code or command execution on the affected system. The vulnerability requires local access with elevated privileges (PR:H) and no user interaction (UI:N). The CVSS v3.1 base score is 7.3 (High); the rated impact is low on confidentiality and integrity and high on availability (C:L/I:L/A:H), and the scope is changed (S:C), meaning that exploitation can affect resources beyond the vulnerable component itself. Those metrics, together with a local attack vector and low attack complexity, correspond to the vector AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H. Eaton has fixed the issue in the latest version of Galileo, available from its download center. No public exploit has been reported, but the vulnerability is a serious concern in the industrial and critical-infrastructure environments where Eaton products are commonly deployed, since unauthorized code execution could disrupt operations or enable further compromise.
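The bug class described above, as an added illustration that is not Eaton's code and makes no claim about how Galileo itself handles uploads: the example constructs an in-memory zip whose entry names use `../` and an absolute path, shows where a naive extractor would write each entry, and contrasts it with an extractor that resolves every entry against the real extraction root and rejects anything that escapes it. The function names (build_sample_upload, naive_targets, resolve_inside, safe_extract, audit_upload) and the sample archive are assumptions made for the example.

```python
"""Archive path traversal in an upload handler: the naive pattern behind
CWE-22, a hardened extractor, and a defender-side audit of an upload.

Added example, not Eaton code. The archive is constructed in memory.
"""
from __future__ import annotations

import io
import os
import tempfile
import zipfile


def build_sample_upload() -> bytes:
    """Constructed sample archive (not a real Galileo upload): one benign
    entry plus two that a naive extractor would place outside the root."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("reports/summary.txt", "benign content\n")
        zf.writestr("../../startup.sh", "#!/bin/sh\necho pwned\n")  # relative escape
        zf.writestr("/etc/cron.d/job", "* * * * * root /tmp/x\n")   # absolute path
    return buf.getvalue()


def naive_targets(archive: bytes, root: str) -> dict[str, str]:
    """The vulnerable pattern: the entry name is joined to the root with no
    validation. Returns {entry: path the naive code would write}; nothing
    is written. Note that os.path.join discards root entirely when the
    entry is an absolute path, and '..' components walk above it."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return {i.filename: os.path.normpath(os.path.join(root, i.filename))
                for i in zf.infolist()}


def resolve_inside(root: str, name: str) -> str | None:
    """Hardened check: resolve the candidate path (realpath follows any
    symlink already present under root) and require it to stay under the
    real root. Returns the resolved path, or None if the entry escapes.
    On Windows, commonpath raises ValueError for paths on different
    drives; callers should treat that as a rejection too."""
    real_root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(real_root, name))
    if os.path.commonpath([real_root, candidate]) != real_root:
        return None
    return candidate


def safe_extract(archive: bytes, root: str) -> tuple[list[str], list[str]]:
    """Extract only entries that resolve inside root.
    Returns (written_paths, rejected_entry_names)."""
    written: list[str] = []
    rejected: list[str] = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            target = resolve_inside(root, info.filename)
            if target is None:
                rejected.append(info.filename)
                continue
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            # Entries are written as regular files only; a symlink entry
            # would not be recreated as a link, so it cannot redirect later
            # entries outside root.
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target)
    return written, rejected


def audit_upload(archive: bytes, root: str) -> list[str]:
    """Defender-side check for files in an upload directory: list the
    entries that would escape root, without extracting anything."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return [i.filename for i in zf.infolist()
                if resolve_inside(root, i.filename) is None]


def demo() -> tuple[list[str], list[str]]:
    """Run the sample through both extractors inside a throwaway directory.
    Returns (written paths relative to root, rejected entry names)."""
    archive = build_sample_upload()
    with tempfile.TemporaryDirectory() as root:
        for entry, path in naive_targets(archive, root).items():
            print(f"naive extractor would write {entry!r} to {path}")
        written, rejected = safe_extract(archive, root)
        rel = [os.path.relpath(p, os.path.realpath(root)) for p in written]
    return rel, rejected


if __name__ == "__main__":
    print(demo())
```

The naive extractor is not run against the real filesystem; it only reports the paths it would have written, which is enough to show that `/etc/cron.d/job` and `../../startup.sh` both land outside the upload root. The hardened version compares resolved paths rather than pattern-matching for `..`, so encoded or mixed-separator variants and pre-existing symlinks under the root are handled by the same check.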
Potential Impact
For European organizations the risk is concentrated in manufacturing, energy, utilities and other critical-infrastructure sectors where Eaton Galileo software is deployed for power management and industrial control. Exploitation could lead to unauthorized code execution, allowing an attacker to manipulate system operations, disrupt services or exfiltrate sensitive data. The need for local, privileged access rules out direct remote exploitation but does not eliminate the risk: an insider, or an attacker who has already gained a privileged foothold on the host, could use the flaw to write outside the intended directory, cross a security boundary (S:C) and move laterally. The availability impact is high, since malicious code execution could disrupt critical industrial processes; the confidentiality and integrity impacts are rated low but still matter, as an attacker could read or modify configuration or operational data. Given Europe's industrial base and reliance on such control systems, the vulnerability could have cascading effects on operational continuity and safety.
Mitigation Recommendations
European organizations should update Eaton Galileo software to the latest patched version from Eaton's official download center without delay. Beyond patching, restrict local privileged access on hosts running Galileo to trusted personnel, and audit user privileges and file system permissions regularly. Deploy endpoint protection and monitor for anomalous archive uploads, files appearing outside the expected upload directory, and unexpected command execution, any of which can reveal an exploitation attempt. Segment the network so that systems running Galileo are isolated and lateral movement is limited, and consider application allow-listing to block execution of unauthorized code. Update incident response plans to cover local privilege misuse and path traversal scenarios, train staff on the risks of privilege misuse, and maintain current backups so that recovery is possible if exploitation occurs.
Affected Countries
Germany, France, United Kingdom, Italy, Netherlands, Belgium, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: Eaton
- Date Reserved: 2025-09-23T08:34:05.390Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 692830538da2ca36c17c0982
Added to database: 11/27/2025, 11:04:51 AM
Last enriched: 12/4/2025, 11:56:38 AM
Last updated: 1/11/2026, 8:22:20 PM
Related Threats
- CVE-2025-15506: Out-of-Bounds Read in AcademySoftwareFoundation OpenColorIO (Medium)
- CVE-2026-0843: SQL Injection in jiujiujia jjjfood (Medium)
- CVE-2026-0842: Missing Authentication in Flycatcher Toys smART Sketcher (Medium)
- CVE-2026-0841: Buffer Overflow in UTT 进取 520W (High)
- CVE-2026-0840: Buffer Overflow in UTT 进取 520W (High)