
Last December, Eaton issued an advisory for a remote code execution/command injection vulnerability (CVE-2025-59886) in its xComfort Ethernet Communication Interface (ECI). Proof-of-concept exploit code has recently been published on GitHub.
Eaton’s advisory was released on December 22nd. The xComfort ECI product has been discontinued and will no longer receive security updates after November 30th, 2025. If your organization uses these Eaton devices, it is recommended to isolate them to prevent unauthorized access and to prioritize upgrading or replacing them with a supported alternative.
For those of you on internal and external security teams, keep an eye out for Eaton xComfort so that we can bring attention to these out-of-date devices with trivially easy-to-exploit vulnerabilities.

Jason Taylor