Libraesva rolled out an emergency update for its Email Security Gateway (ESG) solution to fix a vulnerability exploited by threat actors believed to be state sponsored.
The email security product protects email systems from phishing, malware, spam, business email compromise, and spoofing, using a multi-layer protection architecture.
According to the vendor, Libraesva ESG is used by thousands of small and medium businesses as well as large enterprises worldwide, serving over 200,000 users.
The security issue, tracked under CVE-2025-59689, received a medium-severity score. It is triggered by sending a maliciously crafted email attachment and allows executing arbitrary shell commands from a non-privileged user account.
“Libraesva ESG is affected by a command injection flaw that can be triggered by a malicious e-mail containing a specially crafted compressed attachment, allowing potential execution of arbitrary commands as a non-privileged user,” reads the security bulletin.
“This occurs due to an improper sanitization during the removal of active code from files contained in some compressed archive formats,” Libraesva explains.
According to the vendor, there has been at least one confirmed incident of an attacker "believed to be a foreign hostile state entity" leveraging the flaw in attacks.
CVE-2025-59689 impacts all versions of Libraesva ESG from 4.5 and later, but fixes are available in the following:
5.0.31
5.1.20
... continue reading