CVE-2025-59689

Published Sep 19, 2025

Last updated 4 months ago

Exploit knownCVSS medium 6.1
Libraesva Email Security Gateway
SMTP

Overview

Description
Libraesva ESG 4.5 through 5.5.x before 5.5.7 allows command injection via a compressed e-mail attachment. For ESG 5.0 a fix has been released in 5.0.31. For ESG 5.1 a fix has been released in 5.1.20. For ESG 5.2 a fix has been released in 5.2.31. For ESG 5.4 a fix has been released in 5.4.8. For ESG 5.5. a fix has been released in 5.5.7.
Source
cve@mitre.org
NVD status
Analyzed
Products
email_security_gateway

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.1
Impact score
2.7
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity
MEDIUM

Known exploits

Data from CISA

Vulnerability name
Libraesva Email Security Gateway Command Injection Vulnerability
Exploit added on
Sep 29, 2025
Exploit action due
Oct 20, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

cve@mitre.org
CWE-77

Social media

Hype score
Not currently trending

  1. Libraesva Email Security Gateway Vulnerability Exploited by Nation-State Hackers Tracked as CVE-2025-59689, the command injection bug could be triggered via malicious emails containing crafted compressed attachments. The post Libraesva Email Security Gateway Vulnerability Exp...

    @SecurityAid

    24 Jan 2026

    96 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-59689 #Libraesva Email Security Gateway Command Injection Vulnerability https://t.co/YIFBX5tnPE

    @ScyScan

    29 Sept 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. NATION-STATE ALERT! Spies are exploiting the Libraesva ESG Zero-Day (CVE-2025-59689) to compromise email systems globally. If you use Libraesva, your sensitive communications are being stolen. Full report on - https://t.co/xJSUhbz5TF https://t.co/rXVhdVRlSy

    @cyberbivash

    28 Sept 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. ๐ŸŸ Los piratas informรกticos patrocinados por el Estado explotaron una vulnerabilidad, identificada como CVE-2025-59689, en #Libraesva Email Gateway a travรฉs de archivos adjuntos maliciosos. #QintegraNews #ciberseguridad @securityaffairs https://t.co/IYETGYMZiB

    @QintegraC

    26 Sept 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Actively exploited CVE : CVE-2025-59689

    @transilienceai

    26 Sept 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. Libraesva has patched a critical command injection vulnerability (CVE-2025-59689) in its Email Security Gateway with a CVSS score of 6.1, used by threat actors. Attackers exploit this flaw via malicious emails to execute commands on systems. Users of Libraesva ESG should update

    @bigmacd16684

    25 Sept 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Actively exploited CVE : CVE-2025-59689

    @transilienceai

    25 Sept 2025

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  8. ๐Ÿšจ Patch NOW: Libraesva issues emergency fix for CVE-2025-59689. โš ๏ธ Exploited via malicious compressed email attachments โš ๏ธ RCE vulnerability abused by suspected state actors โš ๏ธ Versions <5.0 unsupported โ€” manual upgrade needed #CyberSecurity #InfoSec #Librae

    @ProgresiveRobot

    25 Sept 2025

    54 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Libraesva ESGใฎใ‚ผใƒญใƒ‡ใ‚ค่„†ๅผฑๆ€งใŒๆ”ปๆ’ƒ่€…ใซๆ‚ช็”จใ•ใ‚Œใ‚‹๏ผˆCVE-2025-59689๏ผ‰ Libraesva ESG zero-day vulnerability exploited by attackers (CVE-2025-59689) #HelpNetSecurity (Sep 24) https://t.co/lx4nt8CdSz

    @foxbook

    24 Sept 2025

    14 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Libraesva ESG zero-day vulnerability exploited by attackers (CVE-2025-59689) https://t.co/vuflb7q9Um #HelpNetSecurity #Cybersecurity https://t.co/zM0rZqu8EQ

    @PoseidonTPA

    24 Sept 2025

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. ๐Ÿ“ข ๐’๐ญ๐š๐ญ๐ž-๐’๐ฉ๐จ๐ง๐ฌ๐จ๐ซ๐ž๐ ๐‡๐š๐œ๐ค๐ž๐ซ๐ฌ ๐„๐ฑ๐ฉ๐ฅ๐จ๐ข๐ญ๐ข๐ง๐  ๐‹๐ข๐›๐ซ๐š๐ž๐ฌ๐ฏ๐š ๐„๐ฆ๐š๐ข๐ฅ ๐’๐ž๐œ๐ฎ๐ซ๐ข๐ญ๐ฒ ๐†๐š๐ญ๐ž๐ฐ๐š๐ฒ ๐•๐ฎ๐ฅ๐ง๐ž๐ซ

    @PurpleOps_io

    24 Sept 2025

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. ๐Ÿšจ State-sponsored hackers are exploiting a command injection flaw in Libraesva ESG (CVE-2025-59689). Update your Email Security Gateway ASAP! https://t.co/ZcNaLJyyle #CyberSecurity #Libraesva #CVE202559689 #StateSponsoredHacking #EmailSecurity

    @0xT3chn0m4nc3r

    24 Sept 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. ๐Ÿ“Œ ุฃุตุฏุฑุช ุดุฑูƒุฉ Libraesva ุชุญุฏูŠุซู‹ุง ุฃู…ู†ูŠู‹ุง ู„ู…ุนุงู„ุฌุฉ ุซุบุฑุฉ ููŠ ุญู„ Gateway ุฃู…ุงู† ุงู„ุจุฑูŠุฏ ุงู„ุฅู„ูƒุชุฑูˆู†ูŠ (ESG) ุงุณุชุบู„ู‡ุง ู…ู…ุซู„ูˆู† ุชู‡ุฏูŠุฏ ู…ุฏุนูˆู…ูˆู† ู…ู† ุงู„ุฏูˆู„ุฉ. ุงู„ุซุบุฑุฉุŒ ุงู„ู…ุนุฑูˆูุฉ ุจุงุณู… CVE-2025-596

    @Cybercachear

    24 Sept 2025

    54 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Libraesva has issued a security update for its Email Security Gateway after state-sponsored hackers exploited a medium-severity vulnerability (CVE-2025-59689) linked to command injection via malicious emails. #CyberSecurity #Libraesva https://t.co/BvrdwhO5jm

    @Cyber_O51NT

    24 Sept 2025

    397 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  15. โš ๏ธ State-backed hackers just broke into Libraesvaโ€™s email security gateway. A flaw (CVE-2025-59689) lets a single malicious email run commands on your serverโ€”and itโ€™s already been exploited. Update now before youโ€™re next โ†’ https://t.co/EplN3HXoE5

    @TheHackersNews

    24 Sept 2025

    11307 Impressions

    31 Retweets

    70 Likes

    8 Bookmarks

    1 Reply

    0 Quotes

  16. ๐ŸšจAlert๐Ÿšจ:CVE-2025-59689: Libraesva ESG Command Injection Flaw ๐Ÿ“Š9.2K+ Services are found on the https://t.co/ysWb28BTvF yearly. ๐Ÿ”—Hunter Link:https://t.co/8jCaWDpDT0 ๐Ÿ‘‡Query HUNTER : https://t.co/q9rtuGfZuz="Libraesva ESG" ๐Ÿ“ฐRefer:https://t.co/xWQNS6ciBn https://t.co

    @HunterMapping

    23 Sept 2025

    1433 Impressions

    2 Retweets

    18 Likes

    7 Bookmarks

    0 Replies

    0 Quotes

  17. ๐Ÿšจ๐ŸšจCVE-2025-59689: Libraesva ESG Command Injection Flaw A malicious email with a crafted compressed attachment can bypass Libraesva ESG's code sanitization, allowing arbitrary command execution as a non-privileged user. Search by vul.cve Filter๐Ÿ‘‰vul.cve="CVE-2025-59689" Z

    @zoomeye_team

    23 Sept 2025

    989 Impressions

    2 Retweets

    8 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  18. ๐Ÿšจ Alert: CVE-2025-59689 poses a high risk of exploitation! Libraesva ESG 4.5-5.5.x affected by command injection via email attachments. ๐Ÿ“ง Patch now! ๐Ÿ›ก๏ธ Updates: 5.0.31, 5.1.20, 5.2.31, 5.4.8, and 5.5.7. Stay safe! #cybersecurity #infosec #patchnow ๐Ÿ”’

    @SecAideInfo

    22 Sept 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. CVE-2025-59689 Command Injection Vulnerability in Libraesva ESG Email Security Gateway 4.5-5.5.x https://t.co/2iyfSDrOPi

    @VulmonFeeds

    19 Sept 2025

    55 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds 2.2.0.4 allows Command Injection via a crafted network request.โ€ขCVE-2026-26093
  2. SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerabilityโ€ขCVE-2026-24423
  3. Mailpit is an email testing tool and API for developers. Prior to version 1.28.3, Mailpit's SMTP server is vulnerable to Header Injection due to an insufficient Regular Expression used to validate `RCPT TO` and `MAIL FROM` addresses. An attacker can inject arbitrary SMTP headers (or corrupt existing ones) by including carriage return characters (`\r`) in the email address. This header injection occurs because the regex intended to filter control characters fails to exclude `\r` and `\n` when used inside a character class. Version 1.28.3 fixes this issue.โ€ขCVE-2026-23829
  4. SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerabilityโ€ขCVE-2025-52691
  5. RoundCube Webmail Cross-site Scripting Vulnerabilityโ€ขCVE-2025-68461

References

Sources include official advisories and independent security research.