- Libraesva patched CVE-2025-59689, a medium-severity remote command execution vulnerability
- Attack exploited compressed email attachments; threat actor likely a hostile foreign state
- Versions below 5.0 are unsupported and require manual upgrades to stay secure
Libraesva Email Security Gateway (ESG) has patched a medium-severity vulnerability apparently abused by state-sponsored threat actors to achieve remote command execution (RCE) capabilities on targeted endpoints.
In a security advisory, Libraesva announced addressing a command injection flaw which can be triggered by a malicious email with a specially crafted compressed attachment.
The flaw enabled the execution of arbitrary commands as a non-privileged user, due to improper sanitation during the removal of active code from files contained in some compressed archive formats.
“Hostile” attack
The vulnerability is tracked as CVE-2025-59689 and was given a severity score of 6.1/10 (medium).
All versions, from 4.5 onward, were said to be vulnerable. Libraesva released patches for ESG 5.0, 5.1, 5.2, 5.3, 5.4, and 5.5, while versions below 5.0 are no longer supported and need to be manually upgraded.
One attack has been documented so far, the advisory further reads, and the attackers are apparently “a foreign hostile state entity”.
“The single‑appliance focus underscores the precision of the threat actor (believed to be a foreign hostile state) and highlights the importance of rapid, comprehensive patch deployment,” the company stressed.
Libraesva advertises ESG as an advanced email security solution designed to protect organizations from threats like phishing, spam, malware, and business email compromise.
It filters inbound, outbound, and internal email traffic using both gateway-level and API-layer defenses, offering protection for platforms like Microsoft 365 and Google Workspace.
According to BleepingComputer, the company has “thousands” of clients among small and medium-sized organizations, as well as enterprises. In total, more than 200,000 users were said to be using Libraesva ESG, with the platform being particularly popular among entities in education, finance, and government.
You might also like
The post Libraseva urges users to patch now as it issues emergency fix following attacks first appeared on TechToday.
This post originally appeared on TechToday.