Critical command injection vulnerability in Libraesva Email Security Gateway allowing remote code execution via malicious compressed email attachments. This vulnerability is actively exploited in the wild and affects internet-facing email security appliances.
Data Source: CIRCL
Confidence: HIGH
Exploitation Method: DIRECT_NETWORK
📅 CVE Published: 2025-09-19
📅 Added to CISA KEV: 2025-09-29 (10 days between CVE and KEV)
The flaw, identified as CVE-2025-59689, allowed attackers to execute arbitrary commands by sending a malicious email with a specially crafted compressed attachment. The company responded by deploying an automated fix to customers within 17 hours of discovering the active exploitation.
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-38352
The vulnerability, tracked as CVE-2025-59689, affects multiple versions of the popular email security platform and has already been exploited by what security researchers believe to be a foreign state-sponsored threat actor. The vulnerability stems from improper input sanitization during the removal of active code from files contained within compressed archive formats.
Kali Linux 2025.3 brings improved virtual machine tooling, 10 new tools: OffSec has released Kali Linux 2025.3, the most up-to-date version of its popular penetration testing and digital forensics platform.
Libraesva ESG zero-day vulnerability exploited by attackers (CVE-2025-59689): Suspected state-sponsored attackers have exploited a zero-day vulnerability (CVE-2025-59689) in the Libraesva Email Security Gateway (ESG), the Italian email security company has confirmed.
Description. Libraesva ESG is affected by a command injection flaw that can be triggered by a malicious e-mail containing a specially ...