CVE-2025-59689

State-backed hackers exploited Libraesva ESG flaw; vendor issues urgent patch

News, Risk, Vendors, Vulnerabilities

September 24, 2025

Libraesva disclosed a state-sponsored exploitation of a vulnerability in its Email Security Gateway (ESG), tracked as CVE-2025-59689. The flaw, a command injection triggered by specially crafted compressed attachments, affects ESG versions 4.5 through 5.5.x before 5.5.7. Patches are available, and end-of-support for older builds mandates manual upgrades.