CVE-2025-9588
10.0 CRITICALImproper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Iron Mountain Archiving Servi...
Published: 2025-09-23 · Last updated: 2026-06-05
Severity and scoring
- CVSS
- 10.0 CRITICAL
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- CWE
- CWE-78
Affected products
| Vendor | Product |
|---|---|
| ironmountain | envision |
Description
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Iron Mountain Archiving Services Inc. EnVision allows Command Injection. This issue affects enVision: before 250563.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-46716 — Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool (9.9 CRITICAL)
- CVE-2026-42853 — ApostropheCMS is an open-source Node.js content management system (6.5 MEDIUM)
- CVE-2026-48165 — MariaDB server is a community developed fork of MySQL server (8.0 HIGH)
- CVE-2026-48163 — MariaDB server is a community developed fork of MySQL server (8.0 HIGH)
- CVE-2026-44170 — MariaDB server is a community developed fork of MySQL server