
CVE-2025-59890: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Eaton Galileo Software

Severity: High
Tags: vulnerability, cve-2025-59890, cwe-22
Published: Thu Nov 27 2025 (11/27/2025, 10:48:41 UTC)
Source: CVE Database V5
Vendor/Project: Eaton
Product: Eaton Galileo Software

Description

Improper input sanitization in the file archives upload functionality of Eaton Galileo software allows path traversal, which could let an attacker with local access execute unauthorized code or commands. This security issue has been fixed in the latest version of Galileo, which is available on the Eaton download center.

AI-Powered Analysis

AI analysis last updated: 11/27/2025, 11:14:34 UTC

Technical Analysis

CVE-2025-59890 is a path traversal vulnerability classified under CWE-22, found in Eaton Galileo software, specifically within the file archives upload functionality. The root cause is improper input sanitization that fails to restrict pathname inputs to a designated directory. This flaw enables an attacker possessing local access and high privileges to manipulate file paths, potentially accessing or overwriting files outside the intended directory scope. Such unauthorized access can lead to execution of arbitrary code or commands, compromising system confidentiality, integrity, and availability. The vulnerability's CVSS 3.1 score is 7.3, reflecting high severity due to its potential impact and ease of exploitation given local privileged access. The scope is considered changed (S:C) because exploitation can affect resources beyond the vulnerable component. No user interaction is required, but the attacker must have elevated privileges, limiting remote exploitation. Eaton has acknowledged and fixed the vulnerability in the latest Galileo software release, available through their official download center. No public exploits have been reported to date, but the vulnerability poses a significant risk if left unpatched, especially in environments where Galileo software is deployed for critical infrastructure or industrial control systems.
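The defect class described above is an archive-upload handler that joins member names onto an upload directory without confirming the result still lies inside it. The following added example (not Eaton's code; the member names, the `safe_extract` helper and the scratch upload directory are all constructed here for illustration) shows the check such a handler needs: every member name is resolved against the destination and rejected when it escapes, when it is absolute, or when it is a symlink that could redirect later writes. The rejected names are returned so the caller can log the attempt, which is the kind of upload monitoring the mitigation guidance calls for.

```python
"""Archive upload handler that rejects path-traversal members (CWE-22).

Added example, not Eaton code: the member names, the upload directory and
the safe_extract helper are constructed here purely for illustration.
"""
import io
import stat
import tempfile
import zipfile
from pathlib import Path
from typing import List, Optional, Tuple


def resolve_member(dest: Path, member_name: str) -> Optional[Path]:
    """Return the on-disk path for an archive member, or None if it escapes dest.

    `dest` must already be resolved. Backslashes are treated as separators
    because Windows extractors do, so 'a\\..\\b' cannot slip past the check.
    """
    normalized = member_name.replace("\\", "/")
    if normalized.startswith("/") or (len(normalized) > 1 and normalized[1] == ":"):
        return None  # absolute path or drive letter: never legitimate in an upload
    candidate = (dest / normalized).resolve()  # collapses any '..' components
    try:
        candidate.relative_to(dest)  # raises ValueError when outside dest
    except ValueError:
        return None
    return candidate


def safe_extract(zip_bytes: bytes, dest_dir: str) -> Tuple[List[str], List[str]]:
    """Extract only members that stay inside dest_dir; report the rest.

    Returns (written, rejected) member names so the caller can log attempts
    instead of silently dropping them.
    """
    dest = Path(dest_dir).resolve()
    dest.mkdir(parents=True, exist_ok=True)
    written: List[str] = []
    rejected: List[str] = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            mode = info.external_attr >> 16  # Unix mode bits stored by the archiver
            if stat.S_ISLNK(mode):
                rejected.append(info.filename)  # a symlink could redirect later writes
                continue
            target = resolve_member(dest, info.filename)
            if target is None:
                rejected.append(info.filename)
                continue
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
            else:
                target.parent.mkdir(parents=True, exist_ok=True)
                with zf.open(info) as src, open(target, "wb") as dst:
                    dst.write(src.read())
            written.append(info.filename)
    return written, rejected


def build_sample_archive() -> bytes:
    """Constructed sample upload: one benign member and two traversal attempts.

    zipfile.writestr stores the member name verbatim, so the '..' and absolute
    names survive into the archive exactly as a hostile upload would carry them.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("reports/summary.txt", "benign content\n")
        zf.writestr("../../outside.txt", "would land two levels above the upload dir\n")
        zf.writestr("/tmp/absolute.txt", "absolute member name\n")
    return buf.getvalue()


def demo() -> Tuple[List[str], List[str]]:
    """Run the hardened extractor on the sample archive inside a scratch directory."""
    with tempfile.TemporaryDirectory() as scratch:
        upload_dir = Path(scratch) / "uploads"
        written, rejected = safe_extract(build_sample_archive(), str(upload_dir))
        # The benign member landed where expected and nothing escaped the upload dir.
        assert (upload_dir / "reports" / "summary.txt").read_text() == "benign content\n"
        assert not (Path(scratch) / "outside.txt").exists()
    return written, rejected


if __name__ == "__main__":
    w, r = demo()
    print("written :", w)
    print("rejected:", r)
```

The check is done on the fully resolved path rather than by string-prefix matching on the raw name, because a name such as `uploads_evil/..` or a symlinked parent can pass a naive `startswith` test while still writing outside the directory. Note that Python's own `ZipFile.extract` silently strips `..` components; writing members through `zf.open` as above keeps the decision explicit and loggable.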

Potential Impact

For European organizations, this vulnerability poses a significant risk, particularly those in sectors relying on Eaton Galileo software for industrial control, power management, or critical infrastructure. Successful exploitation can lead to unauthorized code execution, potentially disrupting operations, causing data breaches, or enabling further lateral movement within networks. The impact on availability is high, as attackers could execute commands that disrupt system functionality. Confidentiality and integrity are also at risk due to unauthorized file access or modification. Given the requirement for local privileged access, insider threats or compromised accounts pose the greatest risk. The vulnerability could facilitate sabotage, espionage, or operational downtime, which are critical concerns for European energy, manufacturing, and infrastructure sectors. Prompt patching is essential to prevent exploitation and maintain operational resilience.

Mitigation Recommendations

European organizations should immediately verify their use of Eaton Galileo software and identify affected versions. The primary mitigation is to upgrade to the latest patched version of Galileo available from Eaton's official download center. Until patching is complete, restrict local access to systems running the vulnerable software to trusted personnel only and enforce strict privilege management to minimize the risk of unauthorized access. Implement monitoring and logging of file upload activities and unusual command executions to detect potential exploitation attempts. Employ application whitelisting and endpoint protection solutions to prevent unauthorized code execution. Conduct regular audits of user privileges and access controls on affected systems. Additionally, network segmentation can limit the spread of an attacker who gains local access. Finally, ensure incident response plans include scenarios involving local privilege abuse and path traversal exploitation.


Technical Details

Data Version: 5.2
Assigner Short Name: Eaton
Date Reserved: 2025-09-23T08:34:05.390Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 692830538da2ca36c17c0982

Added to database: 11/27/2025, 11:04:51 AM

Last enriched: 11/27/2025, 11:14:34 AM

Last updated: 11/27/2025, 1:07:03 PM

