Severity by source
AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
7DescriptionCVE.org
Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download center.
AnalysisAI
Arbitrary code execution in Eaton Intelligent Power Protector (IPP) software via insecure library loading allows local authenticated attackers with low privileges to execute code with elevated integrity impact across security boundaries. Attack complexity is high, requiring the attacker to have access to the software package installation files. EPSS data unavailable; no CISA KEV listing or public POC identified at time of analysis. Eaton has released a patched version available through their download center.
Technical ContextAI
This vulnerability exploits insecure library loading, commonly known as DLL hijacking or binary planting on Windows systems. When the IPP executable launches, it searches for required libraries in an insecure manner-typically checking the application directory or current working directory before system paths. An attacker with access to the software package can place a malicious library in a location where the IPP executable will load it during initialization. The CVSS vector indicates scope change (S:C), meaning successful exploitation allows the attacker to impact resources beyond the vulnerable component's security scope, likely escalating from a low-privileged user context to system-level execution. The affected product is identified by CPE cpe:2.3:a:eaton:ipp_software, though specific vulnerable version ranges are not provided in available data.
RemediationAI
Upgrade to the latest version of Eaton Intelligent Power Protector software available from the Eaton download center, as confirmed by security bulletin ETN-VA-2025-1025 at https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf. The exact fixed version number is not specified in available data; consult the bulletin directly for version-specific guidance. If immediate patching is not feasible, implement compensating controls: restrict file system permissions on the IPP installation directory to prevent unauthorized users from placing malicious libraries (requires admin rights to modify ACLs, may complicate legitimate software updates); deploy application whitelisting to prevent execution of unsigned DLLs from the IPP directory (may require tuning to avoid blocking legitimate IPP components); monitor for suspicious DLL loads using EDR solutions configured to alert on library loading from non-standard paths (generates operational overhead for security teams). These mitigations reduce but do not eliminate risk, as they depend on correct configuration and may be bypassed by attackers with sufficient privileges. Patching remains the definitive remediation.
More in Ipp Software
View allEaton Intelligent Power Protector (IPP) software allows brute-force credential attacks against the web interface login p
Eaton Intelligent Power Protector (IPP) software allows authenticated administrators with local system access to execute
Insecure HTTP response header configuration in Eaton Intelligent Power Protector (IPP) software enables attackers to per
Eaton Intelligent Power Protector (IPP) software uses insecure cookie configuration that allows network attackers to int
Same weakness CWE-427 – Uncontrolled Search Path Element
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-23178
GHSA-w3cg-4gfc-vw5x