Libraesva rolled out an emergency replace for its E-mail Safety Gateway (ESG) resolution to repair a vulnerability exploited by menace actors believed to be state sponsored.
The e-mail safety product protects e-mail techniques from phishing, malware, spam, enterprise e-mail compromise, and spoofing, utilizing a multi-layer safety structure.
Based on the seller, Libraesva ESG is utilized by 1000’s of small and medium companies in addition to giant enterprises worldwide, serving over 200,000 customers.
The safety situation, tracked underneath CVE-2025-59689, acquired a medium-severity rating. It’s triggered by sending a maliciously crafted e-mail attachment and permits executing arbitrary shell instructions from a non-privileged person account.
“Libraesva ESG is affected by a command injection flaw that may be triggered by a malicious e-mail containing a specifically crafted compressed attachment, permitting potential execution of arbitrary instructions as a non-privileged person,” reads the safety bulletin.
“This happens on account of an improper sanitization through the removing of lively code from recordsdata contained in some compressed archive codecs,” Libraesva explains.
Based on the seller, there was a minimum of one confirmed incident of an attacker “believed to be a overseas hostile state entity” leveraging the flaw in assaults.
CVE-2025-59689 impacts all variations of Libraesva ESG from 4.5 and later, however fixes can be found within the following:
- 5.0.31
- 5.1.20
- 5.2.31
- 5.3.16
- 5.4.8
- 5.5.7
Prospects utilizing variations under 5.0 should improve manually to a supported launch, as they’ve reached end-of-life and won’t be receiving a patch for CVE-2025-59689.
Libraesva says that the patch was launched as an emergency replace 17 hours after discovering the exploitation. The repair was deployed robotically to each cloud and on-premise deployments.
The patch features a sanitization repair to handle the basis explanation for the flaw, an automatic scan for indicators of compromise to find out if the surroundings has already been breached, and a self-assessment module that verifies the proper software of the safety replace.
The seller additionally commented on the assault, saying that the menace actor specializing in a single equipment signifies precision, highlighting the significance of fast remediation motion.
46% of environments had passwords cracked, almost doubling from 25% final yr.
Get the Picus Blue Report 2025 now for a complete have a look at extra findings on prevention, detection, and information exfiltration developments.
