CVE-2025-59886

HIGH

Eaton xComfort ECI - Privilege Escalation


Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-59886. PoCs published by mdunfjeld.

AI-analyzed exploit summary: This PoC exploits a command injection vulnerability in Eaton xComfort ECI by injecting a payload into the 'val_dst' parameter of the 'start-ping.sh' CGI script. The payload executes the provided command and returns the output via an HTTP header.

Description

Improper input validation at one of the endpoints of Eaton xComfort ECI's web interface could allow an attacker with network access to the device to execute privileged user commands. As cybersecurity standards continue to evolve and to meet our requirements today, Eaton has decided to discontinue the product. Upon retirement or end of support, there will be no new security updates, non-security updates, paid assisted support options, or online technical content updates.

Exploits (1)

nomisec · Working PoC · 2 stars
by mdunfjeld · PoC
https://github.com/mdunfjeld/cve-2025-59886

Classification: Working PoC (95% confidence)
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Eaton xComfort ECI
Auth required: yes
Prerequisites: Network access to the target device · Valid admin credentials
Analyzed by devstral-2 on Feb 16, 2026

Scores

CVSS v3 8.8
EPSS 0.0028
EPSS Percentile 19.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-20
Status published
Products (1)
eaton/xcomfort_ethernet_communication_interface
Published Dec 23, 2025
Tracked Since Feb 18, 2026