- Libraesva patched CVE-2025-59689, a medium-severity remote command execution vulnerability
- The attack exploited compressed email attachments; the threat actor is probably a hostile foreign state
- Versions below 5.0 are no longer supported and require manual updates to stay safe
Libraesva has patched a medium-severity vulnerability in its Email Security Gateway (ESG) that was apparently abused by state-sponsored threat actors to achieve remote command execution (RCE) capabilities on specific endpoints.
In a security advisory, Libraesva said it had addressed a command injection flaw that can be triggered by a malicious email with a specially crafted compressed attachment.
The flaw allowed arbitrary commands to be executed as a non-privileged user, due to improper sanitization during the removal of active code from files contained in some compressed archive formats.
“Hostile” attack
The vulnerability is tracked as CVE-2025-59689 and was given a severity score of 6.1/10 (medium).
All versions from 4.5 onwards were said to be vulnerable. Libraesva released patches for ESG 5.0, 5.1, 5.2, 5.3, 5.4 and 5.5, while versions below 5.0 are no longer supported and must be updated manually.
So far, one attack has been documented, the advisory further reads, and the attackers are apparently “a foreign hostile state entity.”
“The single application approach underlines the precision of the threat actor (which is believed to be a foreign hostile state) and highlights the importance of rapid and integral patch deployment,” said the company.
Libraesva advertises ESG as an advanced email security solution designed to protect organizations from threats such as phishing, spam, malware and business email compromise.
It filters incoming, outgoing and internal email traffic using link-level and API-layer defenses, and offers protection for platforms such as Microsoft 365 and Google Workspace.
According to BleepingComputer, the company has “thousands” of customers among small and medium organizations, as well as enterprises. In total, more than 200,000 users were said to use Libraesva ESG, and the platform is particularly popular among education, finance and government entities.