Nation-State Hackers Exploit Vulnerability in Libraesva Email Security Gateway

367/68 Friday, September 26, 2025

Italian company Libraesva, developer of the Email Security Gateway (ESG) solution, has issued a security advisory for CVE-2025-59689, a vulnerability that nation-state hackers have actively exploited through specially crafted compressed email attachments. The flaw is a command injection that lets attackers run commands on the system under a non-privileged user account. The root cause is incomplete code sanitization during the inspection of certain archive formats.

Libraesva confirmed at least one attack, linked to a foreign hostile state entity, whose focus on a single appliance demonstrates how precisely it was targeted. The vulnerability affects Libraesva ESG versions 4.5 through 5.5. However, the company has released patches only for 5.x versions, since the 4.x product line is no longer supported.

The attack is carried out by sending an email with a specially crafted compressed file containing a payload designed to bypass the system's sanitization process. Once the file is processed, attackers can execute arbitrary shell commands with the privileges of an ordinary, non-privileged user. Libraesva urges organizations to apply the available patches immediately and to implement additional security measures to mitigate the risks of increasingly sophisticated email-based attacks.

Source: https://securityaffairs.com/182552/hacking/nation-state-hackers-exploit-libraesva-email-gateway-flaw.html