- Libraesva patched CVE-2025-59689, a medium-severity command injection vulnerability
- Attacks used compressed email attachments; the threat actor is probably a hostile foreign state
- Versions below 5.0 are not supported and require manual upgrades to remain safe
Libraesva has patched a medium-severity vulnerability in its Email Security Gateway (ESG) that has apparently been abused by state-sponsored threat actors to achieve remote command execution (RCE) on targeted endpoints.
In a security advisory, Libraesva announced that it had addressed a command injection flaw that can be triggered by a malicious email with a specially crafted compressed attachment.
The flaw allowed the execution of arbitrary commands as a non-privileged user, due to improper sanitization while removing active code from files contained in some compressed archive formats.
“Hostile” attack
The vulnerability is tracked as CVE-2025-59689 and was given a severity score of 6.1/10 (medium).
All versions from 4.5 onwards were said to be vulnerable. Libraesva released patches for ESG 5.0, 5.1, 5.2, 5.3, 5.4 and 5.5, while versions below 5.0 are no longer supported and must be upgraded manually.
An attack has been documented so far, the advisory further reads, and the attackers are apparently “a foreign hostile state unit”.
“Focus on a single application emphasizes the precision of the threat actor (believed to be a foreign hostile state) and highlights the importance of fast, comprehensive patch implementation,” the company emphasized.
Libraesva markets ESG as an advanced email security solution designed to protect organizations from threats such as phishing, spam, malware and business email compromise.
It filters incoming, outgoing and internal email traffic using both gateway-level and API-level defenses, offering protection for platforms such as Microsoft 365 and Google Workspace.
According to BleepingComputer, the company has “thousands” of clients among small and medium-sized organizations as well as companies. In total, more than 200,000 users were said to use Libraesva ESG, with the platform particularly popular with organizations in education, finance and government.



