{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-59886", "assignerOrgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759", "state": "PUBLISHED", "assignerShortName": "Eaton", "dateReserved": "2025-09-23T08:34:05.389Z", "datePublished": "2025-12-23T11:31:31.339Z", "dateUpdated": "2025-12-23T11:31:31.339Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Eaton xComfort ECI", "vendor": "Eaton", "versions": [{"lessThanOrEqual": "All versions", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2025-12-23T11:19:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper input validation at one of the endpoints of Eaton xComfort ECI's \n\n<span style=\"background-color: rgb(255, 255, 255);\">web interface</span>, could lead into an attacker with network access to the device executing privileged user commands.&nbsp;As cybersecurity\nstandards continue to evolve and to meet our requirements today, Eaton has decided to discontinue the\nproduct. Upon retirement or end of support, there will be no new security updates, non-security\nupdates, or paid assisted support options, or online technical content updates."}], "value": "Improper input validation at one of the endpoints of Eaton xComfort ECI's \n\nweb interface, could lead into an attacker with network access to the device executing privileged user commands.\u00a0As cybersecurity\nstandards continue to evolve and to meet our requirements today, Eaton has decided to discontinue the\nproduct. Upon retirement or end of support, there will be no new security updates, non-security\nupdates, or paid assisted support options, or online technical content updates."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759", "shortName": "Eaton", "dateUpdated": "2025-12-23T11:31:31.339Z"}, "references": [{"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1022.pdf"}], "source": {"discovery": "UNKNOWN"}, "tags": ["unsupported-when-assigned"], "x_generator": {"engine": "Vulnogram 0.5.0"}}}}

{}

{"cveTags": [{"sourceIdentifier": "CybersecurityCOE@eaton.com", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "Improper input validation at one of the endpoints of Eaton xComfort ECI's \n\nweb interface, could lead into an attacker with network access to the device executing privileged user commands.\u00a0As cybersecurity\nstandards continue to evolve and to meet our requirements today, Eaton has decided to discontinue the\nproduct. Upon retirement or end of support, there will be no new security updates, non-security\nupdates, or paid assisted support options, or online technical content updates."}], "id": "CVE-2025-59886", "lastModified": "2025-12-23T12:15:45.170", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "CybersecurityCOE@eaton.com", "type": "Secondary"}]}, "published": "2025-12-23T12:15:45.170", "references": [{"source": "CybersecurityCOE@eaton.com", "url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1022.pdf"}], "sourceIdentifier": "CybersecurityCOE@eaton.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "CybersecurityCOE@eaton.com", "type": "Secondary"}]}

{}

{}