ID

VAR-202512-3707


CVE

CVE-2025-59886


TITLE

Input verification vulnerability in Eaton xComfort Ethernet Communication Interface

Trust: 0.8

sources: JVNDB: JVNDB-2025-026089

DESCRIPTION

Improper input validation at one of the endpoints of Eaton xComfort ECI's web interface could lead to an attacker with network access to the device executing privileged user commands. As cybersecurity standards continue to evolve and to meet our requirements today, Eaton has decided to discontinue the product. Upon retirement or end of support, there will be no new security updates, non-security updates, paid assisted support options, or online technical content updates. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software.

Trust: 1.62

sources: NVD: CVE-2025-59886 // JVNDB: JVNDB-2025-026089

AFFECTED PRODUCTS

vendor: eaton, model: xcomfort ethernet communication interface, scope: eq, version: *

Trust: 1.0

vendor: eaton, model: xcomfort ethernet communication interface, scope: eq, version: -

Trust: 0.8

vendor: eaton, model: xcomfort ethernet communication interface, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2025-026089 // NVD: CVE-2025-59886

CVSS

SEVERITY

CVSSV2

CVSSV3

CybersecurityCOE@eaton.com: CVE-2025-59886
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-026089
value: HIGH

Trust: 0.8

CybersecurityCOE@eaton.com: CVE-2025-59886
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-026089
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-026089 // NVD: CVE-2025-59886

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.0

problemtype: Improper input validation (CWE-20) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2025-026089 // NVD: CVE-2025-59886

PATCH

title: https, url: https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1022.pdf

Trust: 0.8

sources: JVNDB: JVNDB-2025-026089

EXTERNAL IDS

db: NVD, id: CVE-2025-59886

Trust: 2.6

db: JVNDB, id: JVNDB-2025-026089

Trust: 0.8

sources: JVNDB: JVNDB-2025-026089 // NVD: CVE-2025-59886

REFERENCES

url: https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1022.pdf

Trust: 1.0

url: https://nvd.nist.gov/vuln/detail/cve-2025-59886

Trust: 0.8

sources: JVNDB: JVNDB-2025-026089 // NVD: CVE-2025-59886

SOURCES

db: JVNDB, id: JVNDB-2025-026089
db: NVD, id: CVE-2025-59886

LAST UPDATE DATE

2026-02-21T23:26:21.871000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2025-026089, date: 2026-02-20T02:17:00
db: NVD, id: CVE-2025-59886, date: 2026-02-18T14:39:24.770

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2025-026089, date: 2026-02-20T00:00:00
db: NVD, id: CVE-2025-59886, date: 2025-12-23T12:15:45.170