- Libraesva patched CVE-2025-59689, a medium-severity remote command execution vulnerability
- Attack exploited compressed email attachments; threat actor likely a hostile foreign state
- Versions below 5.0 are unsupported and require manual upgrades to stay secure
Libraesva Email Security Gateway (ESG) has patched a medium-severity vulnerability apparently abused by state-sponsored threat actors to achieve remote command execution (RCE) capabilities on targeted endpoints.
In a security advisory, Libraesva announced that it had addressed a command injection flaw that can be triggered by a malicious email with a specially crafted compressed attachment.
The flaw enabled the execution of arbitrary commands as a non-privileged user, due to improper sanitization during the removal of active code from files contained in some compressed archive formats.
"Hostile" attack
The vulnerability is tracked as CVE-2025-59689 and was given a severity score of 6.1/10 (medium).
All versions, from 4.5 onward, were said to be vulnerable. Libraesva released patches for ESG 5.0, 5.1, 5.2, 5.3, 5.4, and 5.5, while versions below 5.0 are no longer supported and need to be manually upgraded.
One attack has been documented so far, according to the advisory, and the attackers are apparently “a foreign hostile state entity”.
“The single‑appliance focus underscores the precision of the threat actor (believed to be a foreign hostile state) and highlights the importance of rapid, comprehensive patch deployment,” the company stressed.
Libraesva advertises ESG as an advanced email security solution designed to protect organizations from threats like phishing, spam, malware, and business email compromise.
It filters inbound, outbound, and internal email traffic using both gateway-level and API-layer defenses, offering protection for platforms like Microsoft 365 and Google Workspace.
According to BleepingComputer, the company has “thousands” of clients among small and medium-sized organizations, as well as enterprises. In total, more than 200,000 users were said to be using Libraesva ESG, with the platform being particularly popular among entities in education, finance, and government.