Libraesva has released a security update to address vulnerabilities in its Email Security Gateway (ESG) solution.
The CVSS score for the vulnerability tracked as CVE-2025-59689 is 6.1, indicating moderate severity.
“Libraesva ESG is affected by command injection flaws triggered by malicious emails containing specially created compression attachments, allowing for the potential execution of any command as a non-major user,” Libraesva said in its advisory.
“This occurs due to inappropriate disinfection when removing active code from a file contained in some compressed archive formats.”
In a hypothetical attack scenario, an attacker can exploit the flaw by sending an email containing a specially created compressed archive, allowing threat actors to leverage the application’s inappropriate disinfection logic to ultimately execute arbitrary shell commands.
The drawbacks include fixes released in 5.0.31, 5.1.20, 5.2.31, 5.3.16, 5.4.8, and 5.5.7, affecting Libraesva ESG versions 4.5 to 5.5.x before 5.5.7. Libraesva pointed out in the warning that versions below 5.0 have reached end of support and must be upgraded manually to a supported release.
The Italian email security company also confirmed that it had identified one confirmed case of abuse and that the threat actor is “believed to be the entity of a foreign hostile state.” It did not share details about the nature of the activity, or the nature of the person that may be behind it.
“The focus of a single application highlights the accuracy of threat actors (which are considered to be foreign hostile conditions), and emphasizes the importance of rapid, comprehensive patch deployments,” Libraesva said, adding that the fixes were deployed within 17 hours of flagging abuse.
In light of aggressive exploitation, it is essential for users of ESG software to update their instances to the latest version as soon as possible to mitigate potential threats.
Source link
