← back
CVE-2025-9588

OS Command Injection in Iron Mountain's enVision

CVSS 10 CRITICALEPSS 1.1%CWE-78
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 10EPSS 1.1%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
23 Sep 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Iron Mountain Archiving Services Inc. EnVision allows Command Injection. This issue affects enVision: before 250563.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H