Libraesva has released an emergency update for its Email Security Gateway (ESG) solution to fix a vulnerability exploited by threat actors believed to be state-sponsored.
The email security product protects email systems from phishing, malware, spam, business email compromise, and spoofing, using a multi-layer security architecture.
According to the vendor, Libraesva ESG is used by hundreds of small and medium businesses as well as large enterprises worldwide, serving over 200,000 customers.
The security issue, tracked as CVE-2025-59689, received a medium-severity rating. It is triggered by sending a maliciously crafted email attachment and allows executing arbitrary shell commands from a non-privileged user account.
“Libraesva ESG is affected by a command injection flaw that can be triggered by a malicious email containing a specially crafted compressed attachment, allowing potential execution of arbitrary commands as a non-privileged user,” reads the security bulletin.
“This occurs due to an improper sanitization via the removal of active code from files contained in some compressed archive formats,” Libraesva explains.
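The bulletin names the bug class but not the code path, so the following is an added illustration only, not code from the article or from Libraesva. It contrasts an archive-processing step that lets a member name reach a shell with a hardened form in which the name is allowlisted and then passed as a single argv element to the external tool. The tool name `strip-active-code`, the helper names, and the zip archive built in `make_sample_archive()` are all constructed for the example.

```python
"""Command injection during archive processing: the vulnerable shape beside a
hardened one. Added illustration of the bug class the bulletin names; it is not
Libraesva's code and the page does not describe their actual code path. The
external tool 'strip-active-code' and all helper names here are hypothetical.
"""
import io
import re
import shlex
import zipfile

# Allowlist for archive member names: letters, digits, space, dot, dash,
# underscore. No path separators, so '..' components or absolute paths fail.
SAFE_MEMBER = re.compile(r"^[A-Za-z0-9 ._-]{1,128}$")


def build_command_unsafe(member_name: str) -> str:
    """Vulnerable pattern: the member name is pasted into a command line that a
    shell would parse, so whoever named the file also shapes the command.
    Only the string is returned; nothing is executed here."""
    return f"strip-active-code --in-place {member_name}"


def build_command_safe(member_name: str) -> list[str]:
    """Hardened pattern: validate against the allowlist, then build an argv list
    for subprocess.run(argv) with shell=False. The name stays one argument
    whatever it contains, and '--' stops it being read as an option."""
    if not SAFE_MEMBER.fullmatch(member_name):
        raise ValueError(f"rejected archive member name: {member_name!r}")
    return ["strip-active-code", "--in-place", "--", member_name]


def shell_token_count(cmdline: str) -> int:
    """Number of words a POSIX shell would split the command line into."""
    return len(shlex.split(cmdline))


def plan_archive(zip_bytes: bytes) -> dict[str, list]:
    """Walk a zip held in memory and decide, per file member, whether a
    sanitiser invocation is planned (hardened form) or the member is rejected."""
    plan: dict[str, list] = {"argv": [], "rejected": []}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            try:
                plan["argv"].append(build_command_safe(info.filename))
            except ValueError:
                plan["rejected"].append(info.filename)
    return plan


def make_sample_archive() -> bytes:
    """Constructed sample: two ordinary names and one carrying a path component."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.docx", b"constructed content")
        zf.writestr("quarterly report.docx", b"constructed content")
        zf.writestr("../escape.sh", b"constructed content")
    return buf.getvalue()


if __name__ == "__main__":
    name = "quarterly report.docx"
    print("unsafe shell words:", shell_token_count(build_command_unsafe(name)))
    print("safe argv:", build_command_safe(name))
    print(plan_archive(make_sample_archive()))
```

A name with a single space already shows the difference: the concatenated command line splits into four shell words, while the argv form keeps the name as one argument. The allowlist is defence in depth on top of that, not a substitute for avoiding the shell.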
According to the vendor, there has been at least one confirmed incident of an attacker “believed to be a foreign hostile state entity” leveraging the flaw in attacks.
CVE-2025-59689 affects all versions of Libraesva ESG from 4.5 onward, but fixes are available in the following releases:
- 5.0.31
- 5.1.20
- 5.2.31
- 5.3.16
- 5.4.8
- 5.5.7
Customers using versions below 5.0 must upgrade manually to a supported release, as those versions have reached end-of-life and will not receive a patch for CVE-2025-59689.
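As an added example, not part of the article, the following Python maps an ESG version string onto the ranges described above: below 4.5 is outside the affected range, 4.5 up to 5.0 is end-of-life and needs a manual upgrade, and each 5.x branch is compared against its fixed release. The dotted-integer version format is an assumption; a branch the advisory does not list is flagged for manual review rather than judged.

```python
"""Map a Libraesva ESG version string onto the CVE-2025-59689 advisory ranges.

Added example. The fixed releases and the 4.5 lower bound come from the
advisory text; the 'MAJOR.MINOR[.PATCH]' version format is an assumption.
"""
from __future__ import annotations

# Fixed release per 5.x branch, as listed in the advisory.
FIXED_BY_BRANCH: dict[tuple[int, int], tuple[int, int, int]] = {
    (5, 0): (5, 0, 31),
    (5, 1): (5, 1, 20),
    (5, 2): (5, 2, 31),
    (5, 3): (5, 3, 16),
    (5, 4): (5, 4, 8),
    (5, 5): (5, 5, 7),
}

FIRST_AFFECTED = (4, 5, 0)  # advisory: all versions from 4.5 onward
EOL_BELOW = (5, 0, 0)       # advisory: below 5.0 is end-of-life, no patch


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'MAJOR.MINOR[.PATCH]' into a comparable tuple; reject anything else."""
    parts = text.strip().split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return nums[0], nums[1], nums[2]


def assess(text: str) -> dict:
    """Return affected status (True/False/None for unknown) and the action."""
    v = parse_version(text)
    if v < FIRST_AFFECTED:
        return {"version": text, "affected": False,
                "action": "not in affected range"}
    if v < EOL_BELOW:
        return {"version": text, "affected": True,
                "action": "end-of-life branch: upgrade manually to a supported 5.x release"}
    fixed = FIXED_BY_BRANCH.get(v[:2])
    if fixed is None:
        # A 5.x branch the advisory does not list: no fixed version is known
        # from the text, so hand it to a human rather than guess.
        return {"version": text, "affected": None,
                "action": "branch not covered by advisory; check vendor bulletin"}
    if v >= fixed:
        return {"version": text, "affected": False, "action": "patched"}
    return {"version": text, "affected": True,
            "action": f"update to {'.'.join(map(str, fixed))} or later"}


if __name__ == "__main__":
    for sample in ("4.4.2", "4.9.1", "5.3.15", "5.3.16", "5.5.7", "5.4.2", "5.6.0"):
        print(sample, "->", assess(sample))
```

Feed it the version reported by each appliance in an inventory and the output separates patched hosts from those still needing the update, those on end-of-life 4.x builds, and those on branches the advisory does not mention.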
Libraesva says the patch was released as an emergency update 17 hours after the exploitation was discovered. The fix was deployed automatically to both cloud and on-premise deployments.
The patch includes a sanitization fix to address the root cause of the flaw, an automated scan for indicators of compromise to determine whether the environment has already been breached, and a self-assessment module that verifies the correct application of the security update.
The vendor also commented on the attack, saying that the threat actor's focus on a single appliance indicates precision, highlighting the importance of swift remediation.