Libraesva ESG zero-day vulnerability exploited by attackers (CVE-2025-59689)

Suspected state-sponsored attackers have exploited a zero-day vulnerability (CVE-2025-59689) in the Libraesva Email Security Gateway (ESG), the Italian email security company has confirmed.

About CVE-2025-59689

CVE-2025-59689 is a command injection vulnerability caused by improper sanitization when removing active code from files inside certain compressed archive formats. It can be triggered by emails containing a specially crafted compressed attachment.

“Within the archive, the payload files are constructed to manipulate the application’s sanitization logic, exploiting an improper sanitization of input parameters,” Libraesva explained.

“Once the sanitization bypass is achieved, the attacker can execute arbitrary shell commands under a non‑privileged user account.”

CVE-2025-59689 affects versions of Libraesva ESG starting from version 4.5 and up to (and including) version 5.5.

Fixes have been rolled out

The company has released fixes for the 5.x branches through the automatic updates channel. Whether they are cloud or on-premise appliances, all deployments running one of those branches have been upgraded to a version containing the fix:

  • 5.0.31
  • 5.1.20
  • 5.2.31
  • 5.3.16
  • 5.4.8, or
  • 5.5.7

On-premise customers running 4.x versions must manually upgrade to a fixed 5.x version, as 4.x versions are no longer supported.
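To confirm that the automatic update actually landed on every appliance, an inventory of version strings can be checked against the affected range and the fixed builds listed above. The following is an added example, not code from Libraesva or from the original article; it assumes versions are reported as "major.minor.patch", and the hostnames in the sample inventory are constructed.

```python
import re

# Fixed build per 5.x branch, as listed in the article.
FIXED = {(5, 0): 31, (5, 1): 20, (5, 2): 31, (5, 3): 16, (5, 4): 8, (5, 5): 7}
FIRST_AFFECTED = (4, 5)  # article: affected starting from version 4.5 ...
LAST_AFFECTED = (5, 5)   # ... up to and including version 5.5

def parse_version(text):
    """Parse 'major.minor[.patch]' (assumed format). A missing patch level
    is read as 0 so an imprecise inventory entry is flagged, not cleared."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def triage(version_text):
    """Return (status, action) for one appliance version."""
    major, minor, patch = parse_version(version_text)
    branch = (major, minor)
    if branch < FIRST_AFFECTED or branch > LAST_AFFECTED:
        return "outside-affected-range", "no action for CVE-2025-59689"
    if major == 4:
        # 4.x is unsupported and receives no automatic fix.
        return "vulnerable-unsupported", "manual upgrade to a fixed 5.x version"
    fixed_patch = FIXED[branch]
    if patch >= fixed_patch:
        return "fixed", "none"
    return "vulnerable", f"update to at least {major}.{minor}.{fixed_patch}"

def triage_inventory(inventory):
    """Triage a {host: version} mapping; unparseable entries become 'unknown'."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = triage(version)
        except ValueError as exc:
            report[host] = ("unknown", str(exc))
    return report

# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE = {"esg-01.example": "5.3.16", "esg-02.example": "5.3.15",
          "esg-03.example": "4.7.2", "esg-04.example": "n/a"}

if __name__ == "__main__":
    for host, (status, action) in triage_inventory(SAMPLE).items():
        print(f"{host:16} {status:24} {action}")
```

Entries reported as "unknown" should be resolved by hand, since an appliance whose version cannot be read has not been verified as patched.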

The patch includes a fix for the flaw, an automated scan that searches for indicators of compromise, and a module that runs on all affected appliances “to verify patch integrity and detect residual threats.”

“The single‑appliance focus underscores the precision of the threat actor (believed to be a foreign hostile state) and highlights the importance of rapid, comprehensive patch deployment,” the firm noted.

Whether Libraesva was notified of the compromise or was able to detect it itself is currently unclear.

We’ve reached out to Libraesva to find out more about the targeted organization and the attack, and we’ll update this article if we hear back from them.


About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.