Libraesva rolled out an emergency update for its email security gateway (ESG) solution, which is considered a state sponsored to fix a vulnerability exploited by danger actors.
The email safety product protects the email system from fishing, malware, spam, business email agreement and spoofing using a multi-layer protection architecture.
According to the seller, Libraseva ESG is used by large enterprises around the world with thousands of small and medium businesses. More than 200,000 users,
Security issue tracked under Cve-2025-59689Got a moderate-seriousness score. This is triggered by sending a maliciously designed email attachment and allows an arbitrary to execute the shell command from a non-conservative user account.
“Libraseva ESG is affected by a command injection defect, which can be triggered by a malicious email that is from a specially designed compressed attachment, allowing a possible execution of an arbitrary command as a non-haunted user,” Security bulletin,
“This is due to an inappropriate sanitization when removing the active code from the files contained in some compressed collection formats,” Libeswa explains.
According to the seller, an attacker has been confirmed at least one at least one “It is believed that a foreign hostile state unit” takes advantage of the blame in attacks.
The CVE-2025-59689 Libraesva affects all versions of ESG 4.5 and later, but the fixes are available in the following:
- 5.0.31
- 5.1.20
- 5.2.31
- 5.3.16
- 5.4.8
- 5.5.7
Customers using versions below 5.0 will have to upgrade manually to a supported release, as they have reached the end of life and will not get a patch for CVE -2025–59689.
Libraseva says that the patch was released as an emergency update 17 hours after the discovery of exploitation. The fix was automatically deployed in both clouds and on-arrival deployments.
The patch involves a sanitization fix to address the root cause of the defect, an automatic scan for the indicators of the agreement to determine whether the environment is already dissolved, and a self-assessment module that confirms the correct application of the security update.
The seller also commented on the attack, saying that the danger actor, which focuses on a single tool, has indicated accuracy, highlighting the importance of quick remedial action.
The passwords broke in 46% of the atmosphere, almost doubled by 25% last year.
Picus Blue Report 2025 Now get a wider look at more conclusions on prevention, detection and data exfIs.
