Cyber Posture

CVE-2025-59886

High

Published: 23 December 2025
Modified: 18 February 2026
KEV Added: not listed
Patch: none (product discontinued, see Description)
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0013 (32.2nd percentile)
Risk Priority: 18 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

Improper input validation at one of the endpoints of the Eaton xComfort ECI web interface could allow an attacker with network access to the device to execute privileged user commands. As cybersecurity standards continue to evolve and to meet our requirements today, Eaton has decided to discontinue the product. Upon retirement or end of support, there will be no new security updates, non-security updates, paid assisted support options, or online technical content updates.

Mitigating Controls (NIST 800-53 r5) [AI-generated]

prevent: SI-10 Information Input Validation

The control addresses the weakness itself (CWE-20): validating input at the web interface endpoints would have prevented the flaw. Because no fix will ship, this control is unmet at the product level and can only be satisfied by a compensating control placed in front of the device.

prevent: SA-22 Unsupported System Components

Prohibits the use of discontinued and unsupported components such as the Eaton xComfort ECI. Continued use requires documented justification, approval, and compensating controls, since the vulnerability cannot be patched.

prevent: SI-2 Flaw Remediation

Mandates identification and remediation of flaws such as this command execution vulnerability. With no vendor fix available, remediation means isolating or retiring the affected end-of-life devices.

Security Summary [AI-generated]

CVE-2025-59886 is an improper input validation vulnerability (CWE-20) in one of the endpoints of the web interface of the Eaton xComfort Ethernet Communication Interface (ECI), a networked device. Rated CVSS 3.1 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), it stems from inadequate validation of input to that endpoint and allows the execution of privileged user commands. It was published on 23 December 2025.

An attacker with network access to the affected device and a low-privileged account (PR:L) can exploit it without user interaction (UI:N). Successful exploitation executes privileged user commands on the device, with high impact on confidentiality, integrity, and availability (C:H/I:H/A:H); the scope stays unchanged (S:U), so the impact is confined to the ECI itself.

Eaton's security bulletin (ETN-VA-2025-1022) states that the xComfort ECI has been discontinued to align with evolving cybersecurity standards. No patches, security updates, non-security updates, paid support, or technical content updates will be provided post-retirement.

Because no fix will be released, the only remediation is to retire affected devices. Where a device must stay in service for now, isolation is the compensating control: place it on a segmented automation network, restrict access to its web interface to a small set of management hosts, audit and remove unnecessary low-privileged web interface accounts (the vector requires PR:L), and monitor for connections to the interface from anywhere else.
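The isolation described above (and the SI-2 "isolate or retire" guidance in the Mitigating Controls section) is only a control if it is verified. The following is an added example, not code from this page or from Eaton, showing how to check flow or firewall records for connections to an ECI's web interface from outside the management subnet. The device address (10.20.30.40), the management subnet (10.20.1.0/24), the web ports, and the "src dst dport action" record format are all assumptions made for the example; the sample records are constructed, not captured from a real device.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Assumed values for illustration: the ECI's address on the automation VLAN,
# the ports its web interface listens on, and the management subnet that is
# the only place the web interface should be reachable from.
ECI_ADDRESS = ipaddress.ip_address("10.20.30.40")
WEB_PORTS = {80, 443}
MANAGEMENT_NETS = [ipaddress.ip_network("10.20.1.0/24")]

# Constructed sample records in a simple "src dst dport action" form.
# This is neither the ECI's own log format nor any vendor firewall's export;
# a real feed needs its own parser.
SAMPLE_FLOWS = """\
10.20.1.15 10.20.30.40 443 allow
10.20.1.16 10.20.30.40 80 allow
10.20.50.7 10.20.30.40 443 allow
192.0.2.44 10.20.30.40 443 allow
10.20.50.7 10.20.30.40 22 allow
10.20.50.9 10.20.30.40 443 deny
this line is malformed and must not abort the check
"""


@dataclass(frozen=True)
class Flow:
    src: ipaddress.IPv4Address | ipaddress.IPv6Address
    dst: ipaddress.IPv4Address | ipaddress.IPv6Address
    dport: int
    action: str


def parse_flows(text: str) -> list[Flow]:
    """Parse the constructed record format, skipping lines that do not fit."""
    flows: list[Flow] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            flows.append(Flow(ipaddress.ip_address(parts[0]),
                              ipaddress.ip_address(parts[1]),
                              int(parts[2]), parts[3].lower()))
        except ValueError:
            continue  # unparsable address or port: skip rather than crash
    return flows


def is_management_host(addr) -> bool:
    return any(addr in net for net in MANAGEMENT_NETS)


def find_unexpected_access(flows: list[Flow]) -> list[Flow]:
    """Allowed connections to the ECI web interface from outside the management subnet.

    Only 'allow' records count: a 'deny' from an outside host is the firewall
    doing its job, not an isolation failure. Non-web ports are out of scope for
    this check and are reported by nothing here.
    """
    return [
        f for f in flows
        if f.dst == ECI_ADDRESS
        and f.dport in WEB_PORTS
        and f.action == "allow"
        and not is_management_host(f.src)
    ]


def isolation_holds(flows: list[Flow]) -> bool:
    return not find_unexpected_access(flows)


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for f in find_unexpected_access(flows):
        print(f"web interface reached from non-management host {f.src} on port {f.dport}")
    print("isolation holds" if isolation_holds(flows) else "isolation violated")
```

Run against the constructed records, the check reports 10.20.50.7 and 192.0.2.44, which both reached port 443 despite being outside 10.20.1.0/24; the denied attempt from 10.20.50.9 and the SSH flow on port 22 are not reported. In practice the records would come from the firewall or switch in front of the automation VLAN, and a non-empty result means the compensating control the page relies on is not actually in place.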

Details

CWE(s)
CWE-20 Improper Input Validation

Affected Products
Eaton xComfort Ethernet Communication Interface (ECI), all versions

MITRE ATT&CK Enterprise Techniques [AI-generated]

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1068 Exploitation for Privilege Escalation (Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

The flaw is reachable over the network through the device's web interface, so an exposed interface gives an attacker an entry point (T1190). Exploitation needs only a low-privileged account (PR:L) yet yields privileged command execution, so it also serves as a privilege-escalation step once an attacker holds such an account (T1068). T1190 applies only where the interface is reachable from untrusted networks: the CVE description says "network access", not Internet exposure, so the initial-access mapping depends on how the device is deployed.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References