A command injection vulnerability in the Libraesva Email Security Gateway (ESG), tracked as CVE-2025-59689, has been actively exploited in the wild just ten days after its disclosure. This medium-severity flaw, with a CVSS score of 6.1, affects versions 4.5 through 5.5.x prior to 5.5.7, allowing attackers to execute arbitrary commands via compressed email attachments.
The vulnerability, which falls under CWE-77, was added to the Known Exploited Vulnerabilities (KEV) catalog on September 29, 2025, underscoring its active exploitation status. The rapid exploitation timeline, with a TTE-wild of 10 days, highlights the urgency for organizations using affected versions of Libraesva ESG to apply patches immediately.
Libraesva has released patches for multiple versions to address this issue. Users of ESG 5.0 should upgrade to version 5.0.31, ESG 5.1 to version 5.1.20, ESG 5.2 to version 5.2.31, and ESG 5.4 to version 5.4.8. The vulnerability's exploitation potential is further emphasized by its inclusion in the Security System Vulnerability Classification (SSVC) as 'attend,' indicating that organizations should prioritize addressing this flaw.
Security teams are advised to verify their systems against the patched versions and monitor for any signs of compromise, particularly focusing on unusual activity related to email attachments. Given the active exploitation, immediate action is crucial to mitigate potential breaches and protect sensitive information from being compromised.
CSURFACE