CVE-2025-67450

{"id": "CVE-2025-67450", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "CybersecurityCOE@eaton.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.1}]}, "published": "2025-12-26T07:15:45.850", "references": [{"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1027.pdf", "source": "CybersecurityCOE@eaton.com"}], "vulnStatus": "Undergoing Analysis", "weaknesses": [{"type": "Secondary", "source": "CybersecurityCOE@eaton.com", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "Due to insecure library loading in the Eaton UPS Companion software executable,\u00a0an attacker with access to the software package\n\n could perform arbitrary code execution .\u00a0This security issue has been fixed in the latest version of EUC which is available on the Eaton download center."}], "lastModified": "2025-12-29T15:57:37.560", "sourceIdentifier": "CybersecurityCOE@eaton.com"}