Libraesva ESG command injection flaw actively exploited (CVE-2025-59689)
Vulnerability
Summary
CVE-2025-59689 is a Libraesva ESG command injection flaw being exploited by state-sponsored threat actors, creating risk of arbitrary command execution on affected gateways. The issue affects ESG 4.5 through 5.5.x before 5.5.7 and can be triggered by a malicious email carrying a specially crafted compressed attachment. Libraesva has released fixes and told users to move to the latest supported version as soon as possible.
Timeline
- 24.09.2025 09:24 · 2 articles
Libraesva patches CVE-2025-59689 in ESG after confirmed abuse
Mitigation, Patch Update
Libraesva released security updates for Email Security Gateway (ESG) after confirming one incident of abuse linked to state-sponsored threat actors. CVE-2025-59689 is a command injection flaw that can be triggered by a malicious email containing a specially crafted compressed attachment, potentially allowing arbitrary commands as a non-privileged user. Fixes were released for 5.0.31, 5.1.20, 5.2.31, 5.3.16, 5.4.8, and 5.5.7; versions below 5.0 require a manual upgrade to a supported release.
- State-Sponsored Hackers Exploiting Libraesva Email Security Gateway Vulnerability — thehackernews.com — 24.09.2025 09:24
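A small triage helper, added here as an example and not Libraesva's own code, that classifies an ESG version string against the fix matrix above (4.5 up to 5.5.x affected; fixed builds 5.0.31, 5.1.20, 5.2.31, 5.3.16, 5.4.8, 5.5.7; anything below 5.0 needs a manual upgrade). The host names and version strings in the sample inventory are constructed, and the "not-affected" verdict for releases outside 4.5 to 5.5.x only reflects the range the advisory summary names.

```python
from typing import Tuple

# Fixed release per affected 5.x branch, as listed in the advisory summary.
FIXED_BY_BRANCH = {
    (5, 0): (5, 0, 31),
    (5, 1): (5, 1, 20),
    (5, 2): (5, 2, 31),
    (5, 3): (5, 3, 16),
    (5, 4): (5, 4, 8),
    (5, 5): (5, 5, 7),
}
AFFECTED_FROM = (4, 5)  # oldest affected release family (ESG 4.5)
AFFECTED_UPTO = (5, 5)  # newest affected branch (5.5.x before 5.5.7)


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '5.5.6' (or 'v5.5') into a comparable (major, minor, patch) tuple."""
    parts = text.strip().lstrip("vV").split(".")
    nums = tuple(int(p) for p in parts if p.isdigit())
    if not nums:
        raise ValueError(f"unparseable version: {text!r}")
    return nums + (0,) * (3 - len(nums))  # pad missing minor/patch with 0


def triage(version: str) -> str:
    """Return 'not-affected', 'manual-upgrade', 'vulnerable' or 'patched'."""
    v = parse_version(version)
    branch = v[:2]
    if branch < AFFECTED_FROM or branch > AFFECTED_UPTO:
        return "not-affected"  # outside the range the advisory summary names
    if branch < (5, 0):
        return "manual-upgrade"  # 4.5-4.x: no fix build, move to a supported 5.x
    fixed = FIXED_BY_BRANCH[branch]  # every 5.0-5.5 branch has a fixed build
    return "patched" if v >= fixed else "vulnerable"


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hosts), not real systems.
    inventory = [("mx1", "5.5.6"), ("mx2", "5.5.7"), ("mx3", "4.8.2"),
                 ("mx4", "5.2.31"), ("mx5", "5.6.0")]
    for host, ver in inventory:
        print(f"{host}: ESG {ver} -> {triage(ver)}")
```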