CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-59886

Improper input validation at one of the endpoints of Eaton xComfort ECI's web interface, could lead into an attacker with network access to the device executing privileged user commands. As cybersecurity standards continue to evolve and to meet our requirements today, Eaton has decided to discontinue the product. Upon retirement or end of support, there will be no new security updates, non-security updates, or paid assisted support options, or online technical content updates.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 23.8%

CVSS Severity

CVSS v3 Score 8.8

References

https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1022.pdf

Products affected by CVE-2025-59886

Eaton » Xcomfort Ethernet Communication Interface » Version: N/A

cpe:2.3:a:eaton:xcomfort_ethernet_communication_interface:-
Eaton » Xcomfort Ethernet Communication Interface » Version: 1.07

cpe:2.3:a:eaton:xcomfort_ethernet_communication_interface:1.07

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-59886

Products

Pricing

Contact Us