When Your Email Guardian Needs Guarding: Libraesva’s Emergency Fix

StratosAlly

Libraesva has rolled out an emergency security update for its Email Security Gateway (ESG) after confirming that a command injection vulnerability, tracked as CVE-2025-59689, was exploited in the wild by what it described as a foreign hostile state entity. The bug carries a CVSS score of 6.1 and was disclosed after one confirmed incident of abuse. 

The flaw affects Libraesva ESG versions 4.5 through 5.5.x prior to 5.5.7, which are widely deployed by small and medium businesses as well as large enterprises, protecting more than 200,000 users. 

According to the vendor, the weakness arises from improper sanitization of files contained within certain compressed archive formats. Attackers can weaponize email attachments to bypass the security gateway’s filtering logic and ultimately execute arbitrary shell commands under a non-privileged user account. 

The vulnerability is activated solely by processing a specially crafted attachment; if exploited, it can erode the integrity of the email-security stack and permit further intrusion. Libraesva said the observed attack focused on a single appliance, suggesting a targeted and precise operation. 
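The advisory only says that files inside certain compressed archives were not sanitized properly and that this led to command execution; it does not describe the mechanism. The following is an added, generic illustration (not Libraesva's code, and not a reconstruction of the actual defect) of the kind of pre-filter a gateway can apply to archive member names before any downstream tool sees them: entries whose names carry shell metacharacters, path traversal, or absolute paths are rejected and the whole attachment is quarantined. The sample archive is constructed in memory for the demonstration.

```python
"""Added example, not Libraesva's code: vet ZIP member names before processing.

Assumes the gateway extracts or scans members by name. Names that could be
interpreted by a shell or escape the extraction directory are rejected; one
rejected member quarantines the whole attachment.
"""
import io
import posixpath
import re
import zipfile

MAX_NAME_LEN = 255

# Characters with meaning to a POSIX shell, plus control characters and NUL.
# Backslash is included, so backslash-separated (Windows-style) names are
# rejected outright; that is a deliberately conservative choice.
SHELL_META = re.compile(r"[;&|`$<>\\\"'\x00-\x1f\x7f]")


def member_verdict(name: str) -> str:
    """Return 'accept' or 'reject:<reason>' for a single archive member name."""
    if not name or len(name) > MAX_NAME_LEN:
        return "reject:length"
    if SHELL_META.search(name):
        return "reject:shell-meta"
    if name.startswith("/"):
        return "reject:absolute"
    # normpath collapses "a/../../b" to "../b", so a leading ".." after
    # normalisation means the entry would land outside the extraction root.
    norm = posixpath.normpath(name)
    if norm == ".." or norm.startswith("../"):
        return "reject:traversal"
    return "accept"


def vet_archive(data: bytes) -> dict:
    """Map every member name in a ZIP blob to its verdict.

    A blob that is not a well-formed ZIP gets a single synthetic entry so the
    caller still sees a rejection rather than an exception.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return {"<archive>": "reject:malformed"}
    return {name: member_verdict(name) for name in names}


def archive_is_clean(data: bytes) -> bool:
    """True only if every member is acceptable; otherwise quarantine the attachment."""
    return all(v == "accept" for v in vet_archive(data).values())


def build_sample_zip() -> bytes:
    """Constructed sample attachment: one benign entry, two hostile names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf", b"%PDF-1.4 constructed sample")
        zf.writestr("../../etc/cron.d/job", b"constructed traversal entry")
        zf.writestr("report.pdf; echo x", b"constructed metacharacter entry")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip()
    for member, verdict in vet_archive(sample).items():
        print(f"{verdict:22s} {member}")
    print("clean:", archive_is_clean(sample))
```

The name check is defence in depth, not the fix itself: the root cause of a command injection is passing attacker-controlled strings to a shell, so the real remedy is to invoke helpers with argument lists and never via a shell string. Vetting names at the gateway boundary simply means a crafted attachment is quarantined before it reaches any such helper.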

A fix was deployed within 17 hours of discovery, with patches issued across all supported product lines: 5.0.31, 5.1.20, 5.2.31, 5.3.16, 5.4.8, and 5.5.7. Customers running end-of-life 4.x versions must manually upgrade to supported builds. 
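Because each supported line received its own fixed build, "am I patched?" is not a single threshold comparison. The following added example (not Libraesva's tooling) encodes the affected range and the per-line patched builds exactly as the advisory states them and classifies an inventory of appliance version strings. The inventory entries are constructed sample data; the verdict labels are this example's own.

```python
"""Added example, not Libraesva's code: classify ESG versions against the advisory.

Affected: 4.5 through 5.5.x prior to 5.5.7. Fixed builds: 5.0.31, 5.1.20,
5.2.31, 5.3.16, 5.4.8, 5.5.7. 4.x is end-of-life and must be upgraded manually.
"""
import re

# Fixed build per supported 5.x line, as listed in the advisory.
PATCHED_BUILDS = {
    (5, 0): (5, 0, 31),
    (5, 1): (5, 1, 20),
    (5, 2): (5, 2, 31),
    (5, 3): (5, 3, 16),
    (5, 4): (5, 4, 8),
    (5, 5): (5, 5, 7),
}

FIRST_AFFECTED = (4, 5, 0)


def parse_version(text: str) -> tuple:
    """Parse 'major.minor[.patch]' into a comparable tuple; patch defaults to 0."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def assess(version_text: str) -> str:
    """Return one of: out-of-scope, affected-eol, affected, patched, unknown-line."""
    v = parse_version(version_text)
    if v < FIRST_AFFECTED:
        return "out-of-scope"        # below the range the advisory names
    if v[0] == 4:
        return "affected-eol"        # no 4.x patch exists; upgrade to a supported line
    target = PATCHED_BUILDS.get((v[0], v[1]))
    if target is None:
        return "unknown-line"        # a line the advisory does not mention
    return "patched" if v >= target else "affected"


def needs_action(inventory: dict) -> list:
    """From {hostname: version} return [(hostname, version, verdict)] for
    appliances that still require an upgrade, sorted by hostname."""
    out = []
    for host, version in inventory.items():
        verdict = assess(version)
        if verdict in ("affected", "affected-eol"):
            out.append((host, version, verdict))
    return sorted(out)


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are made up).
    sample_inventory = {
        "esg-hq": "5.5.7",
        "esg-branch-1": "5.5.6",
        "esg-branch-2": "5.0.30",
        "esg-legacy": "4.9.2",
        "esg-lab": "5.4.8",
    }
    for host, version, verdict in needs_action(sample_inventory):
        print(f"{host:14s} {version:8s} {verdict}")
```

Run against an exported appliance list, this turns the advisory's version ranges into a work queue: 5.x appliances below their line's fixed build need the vendor update, and 4.x appliances need the manual upgrade to a supported build that the advisory calls out.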

The company has advised all ESG users to apply the update immediately. Beyond fixing the sanitization flaw, the update runs an automated scan for indicators of compromise, verifies patch integrity, and performs residual threat detection using the included self-assessment tool. 

The case illustrates that security products are no longer off-limits to attackers. By turning email gateways into entry points, adversaries force organisations to treat patching not as maintenance but as a frontline defence measure. 
