Libraesva Email Security Gateway Vulnerability Exploited by Nation-State Hackers

Libraesva has addressed a vulnerability in its integrated email security platform that has been exploited in the wild.

Tracked as CVE-2025-59689 (CVSS score of 6.1), the flaw is described as a command injection issue that could lead to the execution of arbitrary commands as a non-privileged user.

According to Libraesva’s advisory, the bug could be exploited via malicious emails containing crafted compressed attachments.

“This occurs due to an improper sanitization during the removal of active code from files contained in some compressed archive formats,” the company explains.

The CVE is triggered with specific archive formats containing payloads that exploit an improper input sanitization bug to execute arbitrary shell commands.

The security defect impacts Libraesva ESG versions 4.5 through 5.5, but fixes have been released only for ESG 5.x versions, because the 4.x versions have been discontinued.

Libraesva pushed the patches to both cloud and on-premise ESG deployments and says all appliances are now running a fixed software iteration.

Customers running on-premise ESG 4.x versions are advised to manually update to a patched 5.x version as soon as possible, given that the vulnerability has been exploited.

“One confirmed incident of abuse has been identified. The threat actor is believed to be a foreign hostile state entity,” Libraesva says.

“The single‑appliance focus underscores the precision of the threat actor (believed to be a foreign hostile state) and highlights the importance of rapid, comprehensive patch deployment,” the company notes.

In addition to resolving the flaw, Libraesva’s patches scan for indicators of compromise (IoCs) and contain a self-assessment module that checks the patch integrity and hunts for residual threats.

An integrated solution, Libraesva ESG protects email services from phishing, BEC, and advanced threats, and is suited for all types of organizations, including small and medium-sized businesses and large enterprises.
