Libraesva rolled out an emergency replace for its Electronic mail Safety Gateway (ESG) answer to repair a vulnerability exploited by risk actors believed to be state sponsored.
The e-mail security product protects e mail techniques from phishing, malware, spam, enterprise e mail compromise, and spoofing, utilizing a multi-layer safety structure.
In line with the seller, Libraesva ESG is utilized by hundreds of small and medium companies in addition to massive enterprises worldwide, serving over 200,000 customers.
The security situation, tracked underneath CVE-2025-59689, acquired a medium-severity rating. It’s triggered by sending a maliciously crafted e mail attachment and permits executing arbitrary shell instructions from a non-privileged consumer account.
“Libraesva ESG is affected by a command injection flaw that may be triggered by a malicious e-mail containing a specifically crafted compressed attachment, permitting potential execution of arbitrary instructions as a non-privileged consumer,” reads the security bulletin.
“This happens resulting from an improper sanitization in the course of the removing of energetic code from recordsdata contained in some compressed archive codecs,” Libraesva explains.
In line with the seller, there was at the very least one confirmed incident of an attacker “believed to be a overseas hostile state entity” leveraging the flaw in assaults.
CVE-2025-59689 impacts all variations of Libraesva ESG from 4.5 and later, however fixes can be found within the following:
- 5.0.31
- 5.1.20
- 5.2.31
- 5.3.16
- 5.4.8
- 5.5.7
Prospects utilizing variations beneath 5.0 should improve manually to a supported launch, as they’ve reached end-of-life and won’t be receiving a patch for CVE-2025-59689.
Libraesva says that the patch was launched as an emergency replace 17 hours after discovering the exploitation. The repair was deployed routinely to each cloud and on-premise deployments.
The patch features a sanitization repair to handle the foundation reason behind the flaw, an automatic scan for indicators of compromise to find out if the setting has already been breached, and a self-assessment module that verifies the proper software of the security replace.
The seller additionally commented on the assault, saying that the risk actor specializing in a single equipment signifies precision, highlighting the significance of fast remediation motion.
46% of environments had passwords cracked, almost doubling from 25% final yr.
Get the Picus Blue Report 2025 now for a complete take a look at extra findings on prevention, detection, and knowledge exfiltration traits.
