Is Borg SPM 2007 affected by EUVD-2026-25209?

Borg SPM 2007, a discontinued product, contains a critical remote code execution vulnerability (CVE-2026-6885, CVSS 9.3) that allows unauthenticated attackers to upload and execute malicious code over the network without authentication, resulting in complete server compromise.

Borg SPM 2007 EUVD-2026-25209

| CVE-2026-6885 CRITICAL

Unrestricted Upload of File with Dangerous Type (CWE-434)

2026-04-23 twcert

GHSA-4m3v-5p6w-fv99

RCE File Upload Borg Spm 2007

9.3

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Apr 23, 2026 - 10:30 vuln.today

CVSS changed

Apr 23, 2026 - 10:22 NVD

9.8 (CRITICAL) 9.3 (CRITICAL)

DescriptionNVD

Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

AnalysisAI

Remote code execution in Borg SPM 2007 allows unauthenticated attackers to upload and execute web shell backdoors via unrestricted file upload vulnerability. This discontinued product (sales ended 2008) remains exploitable over the network with no authentication required, enabling full server compromise. …

RemediationAI

Within 24 hours: Scan network infrastructure for active Borg SPM 2007 instances using port scanning and vulnerability assessment tools; isolate any discovered systems from internet-facing networks immediately. Within 7 days: Complete asset inventory of all Borg SPM 2007 systems; if business-critical, engage vendor support or third-party security firm for custom patching assessment; begin planning decommissioning timelines. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-25209 vulnerability details – vuln.today

Back

Borg SPM 2007 EUVD-2026-25209

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Borg SPM 2007 EUVD-2026-25209

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code