Libraesva has released a security update to address a vulnerability in its Email Security Gateway (ESG) solution that it said has been exploited by state-sponsored threat actors.
The vulnerability, tracked as CVE-2025-59689, carries a CVSS score of 6.1, indicating medium severity.
“Libraesva ESG is affected by a command injection flaw that can be triggered by a malicious email containing a specially crafted compressed attachment, allowing potential execution of arbitrary commands as a non-privileged user,” Libraesva said in an advisory.
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
“This occurs due to an improper sanitization during the removal of active code from files contained in some compressed archive formats.”
In a hypothetical attack scenario, an attacker could exploit the flaw by sending an email containing a specially crafted compressed archive, allowing a threat actor to leverage the application’s improper sanitization logic to ultimately execute arbitrary shell commands.
The shortcoming affects Libraesva ESG versions 4.5 through 5.5.x before 5.5.7, with fixes released in 5.0.31, 5.1.20, 5.2.31, 5.3.16, 5.4.8, and 5.5.7. Libraesva noted in the alert that versions below 5.0 have reached end-of-support and must be manually upgraded to a supported release.
The Italian email security company also acknowledged that it has identified one confirmed incident of abuse, and that the threat actor is “believed to be a foreign hostile state entity.” It did not share any further details on the nature of the activity, or who may be behind it.
“The single‑appliance focus underscores the precision of the threat actor (believed to be a foreign hostile state) and highlights the importance of rapid, comprehensive patch deployment,” Libraesva said, adding it deployed a fix within 17 hours of flagging the abuse.
In light of active exploitation, it’s essential that users of the ESG software update their instances to the latest version as soon as possible to mitigate potential threats.
Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.
Some parts of this article are sourced from:
thehackernews.com
Two New Supermicro BMC Bugs Allow Malicious Firmware to Evade Root of Trust Security