CVE-2025-59890
7.3
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H
Summary
Improper input sanitization in the file archives upload functionality of Eaton Galileo software allows traversing paths which could lead into an attacker with local access to execute unauthorized code or commands. This security issue has been fixed in the latest version of Galileo which is available on the Eaton download center.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Eaton | Eaton Galileo Software | 0 <= 11.1.1 | affected |
Weaknesses
- CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.