Published:2026/01/13 Last Updated:2026/01/13
JVN#48187396
Multiple vulnerabilities in EATON UPS Companion
Overview
EATON UPS Companion provided by Eaton contains multiple vulnerabilities.
Products Affected
- EATON UPS Companion versions prior to 3.0
Description
EATON UPS Companion provided by Eaton contains multiple vulnerabilities listed below.
- Uncontrolled search path element (CWE-427, CVE-2025-59887)
- Unquoted search path or element (CWE-428, CVE-2025-59888)
Impact
- Arbitrary code may be executed with the privilege of the user invoking the installer (CVE-2025-59887)
- A user with write privileges on the root directory of the system drive may execute arbitrary code with SYSTEM privilege (CVE-2025-59888)
Solution
Update the Software
Update the software to the latest version according to the information provided by the developer.
For more information, refer to the information provided by the developer.
Vendor Status
References
-
Japan Vulnerability Notes JVNTA#91240916
Insecure DLL Loading and Command Execution Issues on Many Windows Application Programs
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported these vulnerabilities to the developer and IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
|
| JVN iPedia |
JVNDB-2026-000005 |