Libraesva has addressed a vulnerability in its integrated email security platform that has been exploited in the wild.
Tracked as CVE-2025-59689 (CVSS score of 6.1), the flaw is described as a command injection issue that could lead to the execution of arbitrary commands as a non-privileged user.
According to Libraesva’s advisory, the bug could be exploited via malicious emails containing crafted compressed attachments.
“This occurs due to an improper sanitization during the removal of active code from files contained in some compressed archive formats,” the company explains.
The flaw is triggered by specific archive formats carrying payloads that exploit the improper input sanitization to execute arbitrary shell commands.
The security defect affects Libraesva ESG versions 4.5 through 5.5, but fixes were released only for ESG 5.x versions, as the 4.x versions have been discontinued.
Libraesva pushed the patches to both cloud and on-premise ESG deployments and says all appliances are now running a fixed software iteration.
Customers running on-premise ESG 4.x versions are advised to manually update to a patched 5.x version as soon as possible, given that the vulnerability has been exploited.
“One confirmed incident of abuse has been identified. The threat actor is believed to be a foreign hostile state entity,” Libraesva says.
“The single‑appliance focus underscores the precision of the threat actor (believed to be a foreign hostile state) and highlights the importance of rapid, comprehensive patch deployment,” the company notes.
In addition to resolving the flaw, Libraesva’s patches scan for indicators of compromise (IoCs) and include a self-assessment module that checks patch integrity and hunts for residual threats.
An integrated solution, Libraesva ESG protects email services from phishing, BEC, and advanced threats, and is suited for all types of organizations, including small and medium-sized businesses and large enterprises.