PT-2025-38625 · Unknown · Libraesva Esg

Published: 2025-09-19 · Updated: 2025-10-29 · CVE-2025-59689

CVSS v3.1: 6.1
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Libraesva Email Security Gateway versions 4.5 through 5.5.x before 5.5.7
Libraesva Email Security Gateway version 5.0 through 5.0.31
Libraesva Email Security Gateway version 5.1 through 5.1.20
Libraesva Email Security Gateway version 5.2 through 5.2.31
Libraesva Email Security Gateway version 5.4 through 5.4.8
Libraesva Email Security Gateway version 5.5 through 5.5.7
Description

Libraesva Email Security Gateway (ESG) is affected by a command injection flaw. An attacker can execute arbitrary commands on the affected system by sending an email with a specially crafted compressed attachment. The vulnerability has been actively exploited by a foreign hostile state entity. Over 200,000 users depend on ESG, with strong adoption in the education, finance, and government sectors. Exploitation involves sending emails with malicious compressed attachments that bypass the sanitization code, enabling arbitrary command execution as a non-privileged user. The affected API endpoints and vulnerable parameters were not specified.
Recommendations

For Libraesva ESG versions 4.5 through 5.5.x before 5.5.7, update to version 5.5.7 or later.
For Libraesva ESG version 5.0, update to version 5.0.31.
For Libraesva ESG version 5.1, update to version 5.1.20.
For Libraesva ESG version 5.2, update to version 5.2.31.
For Libraesva ESG version 5.4, update to version 5.4.8.
For Libraesva ESG versions prior to 5.0, upgrade to a supported version.
Tighten compressed-file handling policies.
Monitor ESG logs for unusual command-execution activity.

Fix

RCE

Command Injection

Weakness Enumeration

Related Identifiers

CVE-2025-59689

Affected Products

Libraesva Esg