Cyber Web Spider Blog – News

Libraesva ESG Vulnerability Let Attackers Inject Malicious Commands

Posted on September 23, 2025 by CWS

A critical security flaw in Libraesva ESG email security gateways has been identified and patched. It allowed threat actors to execute arbitrary commands through specially crafted email attachments.

The vulnerability, tracked as CVE-2025-59689, affects multiple versions of the popular email security platform and has already been exploited by what security researchers believe to be a foreign state-sponsored threat actor.

The vulnerability stems from improper input sanitization during the removal of active code from files contained within compressed archive formats.

When Libraesva ESG processes emails containing specially crafted compressed attachments, the security gateway fails to properly sanitize input parameters, creating an opportunity for command injection attacks.

Libraesva ESG Command Injection Vulnerability

This flaw affects all Libraesva ESG versions starting from version 4.5, making it a widespread security concern for organizations relying on the platform for email security.

The attack vector requires minimal user interaction, as the malicious payload is delivered through normal email channels.

Attackers can craft compressed archives containing payload files designed to manipulate the application's sanitization logic.

Once the sanitization bypass is achieved, threat actors gain the ability to execute arbitrary shell commands under a non-privileged user account, potentially compromising the entire email security infrastructure.

Risk Factors and Details

  • Affected Products: Libraesva ESG 4.5 through 5.5
  • Impact: Execution of arbitrary shell commands as a non-privileged user
  • Exploit Prerequisites: Receipt and processing of a specially crafted compressed email attachment using specific archive formats
  • CVSS 3.1 Score: 6.1 (Medium)

Mitigations

Libraesva demonstrated exceptional incident response capabilities, deploying fixes across all affected systems within 17 hours of discovery.

The company released emergency patches for multiple versions: ESG 5.0.31, 5.1.20, 5.2.31, 5.3.16, 5.4.8, and 5.5.7.

These patches were automatically deployed to all ESG 5.x installations through the platform's automated update channel, ensuring comprehensive coverage for both cloud and on-premise deployments.

The remediation package included not only the core fix addressing the sanitization flaw but also automated indicators of compromise (IoCs) scanning capabilities and a self-assessment module.

This comprehensive approach ensures that affected appliances can verify patch integrity and detect any residual threats from potential exploitation attempts.

Cloud customers received automatic updates without requiring manual intervention, while on-premise customers with version 5.x appliances were automatically upgraded through telemetry-confirmed deployments.

Organizations still running version 4.x installations, which have reached end-of-support status, must manually upgrade to version 5.x to receive protection against this vulnerability.

The single confirmed exploitation incident, attributed to a foreign hostile state entity, underscores the critical nature of this security flaw and the importance of maintaining current software versions in email security infrastructure deployments.
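For teams that track appliance versions in an inventory, the fix levels above can be turned into a triage check. The following is an added example, not Libraesva's code: the function names, status labels and sample inventory are assumptions, and the version thresholds are the ones listed in this article.

```python
import re

# Fixed build per 5.x branch, as listed in the article for CVE-2025-59689.
FIXED = {(5, 0): 31, (5, 1): 20, (5, 2): 31, (5, 3): 16, (5, 4): 8, (5, 5): 7}
FIRST_AFFECTED = (4, 5)  # article: affected starting from version 4.5

def parse_version(text):
    """Return (major, minor, patch). A missing patch level is treated as 0,
    which errs on the side of reporting the appliance as unpatched."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)

def triage(version_text):
    """Classify one ESG version string (status labels are hypothetical)."""
    major, minor, patch = parse_version(version_text)
    branch = (major, minor)
    if branch < FIRST_AFFECTED:
        return "not-listed-as-affected"
    if major == 4:
        # 4.x is end-of-support: no automatic patch, manual upgrade to 5.x.
        return "vulnerable-eol-manual-upgrade"
    if branch in FIXED:
        return "patched" if patch >= FIXED[branch] else "vulnerable-needs-update"
    # Branch not mentioned in the article: do not guess, check with the vendor.
    return "unknown-branch-check-vendor"

def report(inventory):
    """Map each host to a status; unparseable versions are flagged, not dropped."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = triage(version)
        except ValueError:
            result[host] = "unparseable-version"
    return result

# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = {
    "esg-cloud-01": "5.5.7",
    "esg-dc-02": "5.3.15",
    "esg-legacy-03": "4.7.0",
    "esg-lab-04": "n/a",
}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:15} {INVENTORY[host]:8} {status}")
```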
