State-Sponsored Hackers Exploiting Libraesva Email Security Gateway Vulnerability

State-Sponsored Hackers Exploiting Libraesva Email Security Gateway Vulnerability

Posted on By CWS

Sep 24, 2025Ravie LakshmananVulnerability / E mail Safety
Libraesva has launched a safety replace to handle a vulnerability in its E mail Safety Gateway (ESG) answer that it stated has been exploited by state-sponsored menace actors.
The vulnerability, tracked as CVE-2025-59689, carries a CVSS rating of 6.1, indicating medium severity.
“Libraesva ESG is affected by a command injection flaw that may be triggered by a malicious e mail containing a specifically crafted compressed attachment, permitting potential execution of arbitrary instructions as a non-privileged consumer,” Libraesva stated in an advisory.
“This happens on account of an improper sanitization throughout the elimination of lively code from recordsdata contained in some compressed archive codecs.”
In a hypothetical assault state of affairs, an attacker might exploit the flaw by sending an e mail containing a specifically crafted compressed archive, permitting a menace actor to leverage the appliance’s improper sanitization logic to in the end execute arbitrary shell instructions.

The shortcoming impacts Libraesva ESG variations 4.5 by 5.5.x earlier than 5.5.7, with fixes launched in 5.0.31, 5.1.20, 5.2.31, 5.3.16, 5.4.8, and 5.5.7. Libraesva famous within the alert that variations under 5.0 have reached end-of-support and should be manually upgraded to a supported launch.
The Italian e mail safety firm additionally acknowledged that it has recognized one confirmed incident of abuse, and that the menace actor is “believed to be a overseas hostile state entity.” It didn’t share any additional particulars on the character of the exercise, or who could also be behind it.
“The one‑equipment focus underscores the precision of the menace actor (believed to be a overseas hostile state) and highlights the significance of fast, complete patch deployment,” Libraesva stated, including it deployed a repair inside 17 hours of flagging the abuse.
In gentle of lively exploitation, it is important that customers of the ESG software program replace their situations to the newest model as quickly as potential to mitigate potential threats.

The Hacker News Tags:, , , , , , ,

Related Posts

Hazy Hawk Exploits DNS Records to Hijack CDC, Corporate Domains for Malware Delivery Hazy Hawk Exploits DNS Records to Hijack CDC, Corporate Domains for Malware Delivery The Hacker News
Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access The Hacker News
Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws The Hacker News
Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data The Hacker News
New TEE.Fail Side-Channel Attack Extracts Secrets from Intel and AMD DDR5 Secure Enclaves New TEE.Fail Side-Channel Attack Extracts Secrets from Intel and AMD DDR5 Secure Enclaves The Hacker News
Why the Identity Security Fabric is Essential for Securing AI and Non-Human Identities Why the Identity Security Fabric is Essential for Securing AI and Non-Human Identities The Hacker News