CVE-2025-9588
OS Command Injection in Iron Mountain's enVision
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 10EPSS 1.1%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
23 Sep 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Iron Mountain Archiving Services Inc. EnVision allows Command Injection.
This issue affects enVision: before 250563.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
Iron Mountain Archiving Services Inc. · enVision