CVE-2025-59689

Published Sep 19, 2025

Last updated a month ago

Exploit knownCVSS medium 6.1
Libraesva Email Security Gateway

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-59689 is a command injection vulnerability affecting Libraesva Email Security Gateway (ESG) versions 4.5 through 5.5.x before 5.5.7. It stems from improper sanitization when the software removes active code from files within certain compressed archive formats. Attackers can exploit this vulnerability by sending emails containing specially crafted compressed attachments. The payload files are designed to manipulate the application's sanitization logic, allowing the execution of arbitrary shell commands under a non-privileged user account. Fixes have been released for ESG versions 5.0, 5.1, 5.2, 5.4, and 5.5.

Description
Libraesva ESG 4.5 through 5.5.x before 5.5.7 allows command injection via a compressed e-mail attachment. For ESG 5.0 a fix has been released in 5.0.31. For ESG 5.1 a fix has been released in 5.1.20. For ESG 5.2 a fix has been released in 5.2.31. For ESG 5.4 a fix has been released in 5.4.8. For ESG 5.5. a fix has been released in 5.5.7.
Source
cve@mitre.org
NVD status
Analyzed
Products
email_security_gateway

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.1
Impact score
2.7
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity
MEDIUM

Known exploits

Data from CISA

Vulnerability name
Libraesva Email Security Gateway Command Injection Vulnerability
Exploit added on
Sep 29, 2025
Exploit action due
Oct 20, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

cve@mitre.org
CWE-77

Social media

Hype score
Not currently trending

  1. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-59689 #Libraesva Email Security Gateway Command Injection Vulnerability https://t.co/YIFBX5tnPE

    @ScyScan

    29 Sept 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. NATION-STATE ALERT! Spies are exploiting the Libraesva ESG Zero-Day (CVE-2025-59689) to compromise email systems globally. If you use Libraesva, your sensitive communications are being stolen. Full report on - https://t.co/xJSUhbz5TF https://t.co/rXVhdVRlSy

    @Iambivash007

    28 Sept 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. ๐ŸŸ Los piratas informรกticos patrocinados por el Estado explotaron una vulnerabilidad, identificada como CVE-2025-59689, en #Libraesva Email Gateway a travรฉs de archivos adjuntos maliciosos. #QintegraNews #ciberseguridad @securityaffairs https://t.co/IYETGYMZiB

    @QintegraC

    26 Sept 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Actively exploited CVE : CVE-2025-59689

    @transilienceai

    26 Sept 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. Libraesva has patched a critical command injection vulnerability (CVE-2025-59689) in its Email Security Gateway with a CVSS score of 6.1, used by threat actors. Attackers exploit this flaw via malicious emails to execute commands on systems. Users of Libraesva ESG should update

    @bigmacd16684

    25 Sept 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Actively exploited CVE : CVE-2025-59689

    @transilienceai

    25 Sept 2025

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. ๐Ÿšจ Patch NOW: Libraesva issues emergency fix for CVE-2025-59689. โš ๏ธ Exploited via malicious compressed email attachments โš ๏ธ RCE vulnerability abused by suspected state actors โš ๏ธ Versions <5.0 unsupported โ€” manual upgrade needed #CyberSecurity #InfoSec #Librae

    @ProgresiveRobot

    25 Sept 2025

    54 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Libraesva ESGใฎใ‚ผใƒญใƒ‡ใ‚ค่„†ๅผฑๆ€งใŒๆ”ปๆ’ƒ่€…ใซๆ‚ช็”จใ•ใ‚Œใ‚‹๏ผˆCVE-2025-59689๏ผ‰ Libraesva ESG zero-day vulnerability exploited by attackers (CVE-2025-59689) #HelpNetSecurity (Sep 24) https://t.co/lx4nt8CdSz

    @foxbook

    24 Sept 2025

    14 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Libraesva ESG zero-day vulnerability exploited by attackers (CVE-2025-59689) https://t.co/vuflb7q9Um #HelpNetSecurity #Cybersecurity https://t.co/zM0rZqu8EQ

    @PoseidonTPA

    24 Sept 2025

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. ๐Ÿ“ข ๐’๐ญ๐š๐ญ๐ž-๐’๐ฉ๐จ๐ง๐ฌ๐จ๐ซ๐ž๐ ๐‡๐š๐œ๐ค๐ž๐ซ๐ฌ ๐„๐ฑ๐ฉ๐ฅ๐จ๐ข๐ญ๐ข๐ง๐  ๐‹๐ข๐›๐ซ๐š๐ž๐ฌ๐ฏ๐š ๐„๐ฆ๐š๐ข๐ฅ ๐’๐ž๐œ๐ฎ๐ซ๐ข๐ญ๐ฒ ๐†๐š๐ญ๐ž๐ฐ๐š๐ฒ ๐•๐ฎ๐ฅ๐ง๐ž๐ซ

    @PurpleOps_io

    24 Sept 2025

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. ๐Ÿšจ State-sponsored hackers are exploiting a command injection flaw in Libraesva ESG (CVE-2025-59689). Update your Email Security Gateway ASAP! https://t.co/ZcNaLJyyle #CyberSecurity #Libraesva #CVE202559689 #StateSponsoredHacking #EmailSecurity

    @0xT3chn0m4nc3r

    24 Sept 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. ๐Ÿ“Œ ุฃุตุฏุฑุช ุดุฑูƒุฉ Libraesva ุชุญุฏูŠุซู‹ุง ุฃู…ู†ูŠู‹ุง ู„ู…ุนุงู„ุฌุฉ ุซุบุฑุฉ ููŠ ุญู„ Gateway ุฃู…ุงู† ุงู„ุจุฑูŠุฏ ุงู„ุฅู„ูƒุชุฑูˆู†ูŠ (ESG) ุงุณุชุบู„ู‡ุง ู…ู…ุซู„ูˆู† ุชู‡ุฏูŠุฏ ู…ุฏุนูˆู…ูˆู† ู…ู† ุงู„ุฏูˆู„ุฉ. ุงู„ุซุบุฑุฉุŒ ุงู„ู…ุนุฑูˆูุฉ ุจุงุณู… CVE-2025-596

    @Cybercachear

    24 Sept 2025

    54 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Libraesva has issued a security update for its Email Security Gateway after state-sponsored hackers exploited a medium-severity vulnerability (CVE-2025-59689) linked to command injection via malicious emails. #CyberSecurity #Libraesva https://t.co/BvrdwhO5jm

    @Cyber_O51NT

    24 Sept 2025

    397 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  14. โš ๏ธ State-backed hackers just broke into Libraesvaโ€™s email security gateway. A flaw (CVE-2025-59689) lets a single malicious email run commands on your serverโ€”and itโ€™s already been exploited. Update now before youโ€™re next โ†’ https://t.co/EplN3HXoE5

    @TheHackersNews

    24 Sept 2025

    11307 Impressions

    31 Retweets

    70 Likes

    8 Bookmarks

    1 Reply

    0 Quotes

  15. ๐ŸšจAlert๐Ÿšจ:CVE-2025-59689: Libraesva ESG Command Injection Flaw ๐Ÿ“Š9.2K+ Services are found on the https://t.co/ysWb28BTvF yearly. ๐Ÿ”—Hunter Link:https://t.co/8jCaWDpDT0 ๐Ÿ‘‡Query HUNTER : https://t.co/q9rtuGfZuz="Libraesva ESG" ๐Ÿ“ฐRefer:https://t.co/xWQNS6ciBn https://t.co

    @HunterMapping

    23 Sept 2025

    1433 Impressions

    2 Retweets

    18 Likes

    7 Bookmarks

    0 Replies

    0 Quotes

  16. ๐Ÿšจ๐ŸšจCVE-2025-59689: Libraesva ESG Command Injection Flaw A malicious email with a crafted compressed attachment can bypass Libraesva ESG's code sanitization, allowing arbitrary command execution as a non-privileged user. Search by vul.cve Filter๐Ÿ‘‰vul.cve="CVE-2025-59689" Z

    @zoomeye_team

    23 Sept 2025

    989 Impressions

    2 Retweets

    8 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  17. ๐Ÿšจ Alert: CVE-2025-59689 poses a high risk of exploitation! Libraesva ESG 4.5-5.5.x affected by command injection via email attachments. ๐Ÿ“ง Patch now! ๐Ÿ›ก๏ธ Updates: 5.0.31, 5.1.20, 5.2.31, 5.4.8, and 5.5.7. Stay safe! #cybersecurity #infosec #patchnow ๐Ÿ”’

    @SecAideInfo

    22 Sept 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. CVE-2025-59689 Command Injection Vulnerability in Libraesva ESG Email Security Gateway 4.5-5.5.x https://t.co/2iyfSDrOPi

    @VulmonFeeds

    19 Sept 2025

    55 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.