Libraesva has issued an emergency patch for a serious command injection vulnerability in its Email Security Gateway (ESG) after confirming that state-sponsored attackers had exploited it.
The flaw, tracked as CVE-2025-59689, allowed attackers to execute arbitrary commands by sending a malicious email with a specially crafted compressed attachment. The company responded by deploying an automated fix to customers within 17 hours of discovering the active exploitation.
The vulnerability stems from improper sanitization when the ESG product processes certain compressed archive formats. An attacker could construct a malicious email attachment that, when scanned by the gateway, would bypass security checks and allow the injection of shell commands.
A successful exploit would give the attacker the ability to execute arbitrary commands on the affected system, albeit as a non-privileged user.
From there, the actor could potentially move laterally, establish persistence, or attempt to escalate privileges. The flaw affects all Libraesva ESG versions from 4.5 onwards.
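To make the bug class concrete, here is an added illustration (not Libraesva's code, and not the actual CVE-2025-59689 payload or the real ESG archive handler) of how an archive scanner that hands an attacker-controlled member name to a shell ends up executing injected commands, beside the hardened form that passes the name as a single argv element. The archive is constructed in memory; `echo` stands in for whatever scanning tool a hypothetical gateway would invoke.

```python
import io
import subprocess
import zipfile

# Constructed sample: an attacker-controlled archive whose member name carries
# shell metacharacters. Illustration of the bug class only; this is not the
# real product code or exploit.
PAYLOAD_NAME = "invoice.pdf; echo INJECTED"


def build_attachment(member_name: str) -> bytes:
    """Build a zip attachment with one member whose name the sender controls."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"not really a document")
    return buf.getvalue()


def member_names(attachment: bytes) -> list[str]:
    with zipfile.ZipFile(io.BytesIO(attachment)) as zf:
        return zf.namelist()


def scan_vulnerable(attachment: bytes) -> str:
    """Hypothetical scanner that interpolates the member name into a shell
    command. The ';' in the name terminates the intended command and the rest
    runs as whatever unprivileged user the scanner executes as."""
    out = []
    for name in member_names(attachment):
        r = subprocess.run(
            f"echo scanning {name}",  # BUG: untrusted data inside a shell string
            shell=True, capture_output=True, text=True,
        )
        out.append(r.stdout)
    return "".join(out)


def scan_fixed(attachment: bytes) -> str:
    """Same scanner with the name passed as one argv element: no shell parses
    it, so metacharacters are just bytes in a filename."""
    out = []
    for name in member_names(attachment):
        r = subprocess.run(
            ["echo", "scanning", name], capture_output=True, text=True,
        )
        out.append(r.stdout)
    return "".join(out)


if __name__ == "__main__":
    att = build_attachment(PAYLOAD_NAME)
    print("vulnerable:", repr(scan_vulnerable(att)))
    print("fixed:     ", repr(scan_fixed(att)))
```

The vulnerable path prints an extra `INJECTED` line because `/bin/sh` split the interpolated string into two commands; the fixed path prints the whole member name, semicolon and all, as a literal argument. Whether the injected command runs as root or as an unprivileged service account depends on how the scanner is deployed, which is why the advisory's "non-privileged user" qualifier matters for triage but does not make the bug benign.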
Libraesva confirmed at least one incident in which the vulnerability was actively abused in the wild. The company attributes the attack to a "foreign hostile state entity", highlighting the sophisticated nature of the threat actor.
According to Libraesva, the targeted nature of the attack, which focused on a single appliance, underscores the precision and strategic intent of the adversary.
This targeted approach suggests the attackers were not conducting a widespread campaign but rather a focused operation against a specific organization.
In response to the exploit, Libraesva took swift action, developing and deploying a patch in just 17 hours. The emergency update was automatically pushed to all cloud-based and on-premise ESG appliances running version 5.x.
The patch not only addressed the root sanitization flaw but also included an automated scanner to detect Indicators of Compromise (IoCs) and a self-assessment module to verify the patch's integrity.
Libraesva has provided the following guidance for its customers:
Cloud Customers: All cloud appliances have been automatically updated, and no further action is required.
On-Premise 5.x Customers: These appliances should have received the automatic update. Administrators are advised to verify that their system is running a patched version.
On-Premise 4.x Customers: Versions below 5.0 are End of Support (EOS) and did not receive the automatic patch. These customers must manually upgrade to a supported 5.x version to protect their systems from this exploited vulnerability.
The fixes are available in versions 5.0.31, 5.1.20, 5.2.31, 5.3.16, 5.4.8, and 5.5.7. Given the active exploitation by a nation-state actor, organizations using Libraesva ESG are urged to ensure their appliances are running a patched version immediately.
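Because the fix shipped on six separate 5.x branches, "is this appliance patched" is a per-branch comparison rather than a single version threshold. The following is an added triage helper (not a Libraesva tool) that applies the fixed-release list above to an inventory of appliance version strings; it assumes versions are plain `major.minor.patch` strings and that a 5.x branch absent from the list (for example a newer one) cannot be judged from this advisory alone. The inventory is a constructed sample.

```python
# Fixed releases as listed in the advisory, one per supported 5.x branch.
FIXED_RELEASES = ("5.0.31", "5.1.20", "5.2.31", "5.3.16", "5.4.8", "5.5.7")


def parse_version(v: str) -> tuple[int, int, int]:
    """Parse 'major.minor.patch'; rejects anything else rather than guessing."""
    parts = v.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version format: {v!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


# (major, minor) branch -> first patched build on that branch.
MIN_PATCHED = {}
for _rel in FIXED_RELEASES:
    _maj, _min, _patch = parse_version(_rel)
    MIN_PATCHED[(_maj, _min)] = _patch


def assess(v: str) -> str:
    """Classify one version string.

    'patched'    - at or above the fixed build for its 5.x branch
    'vulnerable' - a listed 5.x branch, below the fixed build
    'eos'        - any 4.x: end of support, received no automatic patch,
                   and 4.5+ is in the affected range; upgrade to 5.x
    'unknown'    - a 5.x (or later) branch the advisory does not list
    """
    major, minor, patch = parse_version(v)
    if major < 5:
        return "eos"
    branch_min = MIN_PATCHED.get((major, minor))
    if branch_min is None:
        return "unknown"
    return "patched" if patch >= branch_min else "vulnerable"


def triage(inventory):
    """inventory: iterable of (appliance_name, version). Returns the names of
    appliances that still need an upgrade or a manual check."""
    return [name for name, v in inventory if assess(v) != "patched"]


# Constructed sample inventory; hostnames and versions are invented.
SAMPLE_INVENTORY = [
    ("esg-hq", "5.5.7"),
    ("esg-branch", "5.2.30"),
    ("esg-legacy", "4.5.12"),
    ("esg-lab", "5.3.16"),
]

if __name__ == "__main__":
    for name, v in SAMPLE_INVENTORY:
        print(f"{name:12s} {v:8s} {assess(v)}")
    print("needs action:", triage(SAMPLE_INVENTORY))
```

Anything reported as `vulnerable` or `eos` should be upgraded before the IoC scan is trusted, since the scanner itself arrived with the patch; `unknown` means the branch postdates the advisory and should be checked against the vendor's current release notes rather than assumed safe.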