Iron Mountain EnVision OS Command Injection Vulnerability

Vulnerability

A command injection vulnerability has been identified in Iron Mountain Archiving Services Inc. EnVision in versions prior to 250563. The application improperly neutralizes special elements used in operating system commands, enabling attackers to execute arbitrary commands on the server.

Impact

Exploitation of this vulnerability could allow attackers to execute arbitrary commands on the server where EnVision is running.

Remediation

Users and system administrators are advised to upgrade to version 250563 or later.

Added: Sep 23, 2025, 8:17 AM
Updated: Sep 23, 2025, 8:17 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 7.4
remediation: 7.7
relevance: 0.6
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.