CVE-2025-59689

Summary

Libraesva ESG 4.5 through 5.5.x before 5.5.7 allows command injection via a compressed e-mail attachment. For ESG 5.0 a fix has been released in 5.0.31. For ESG 5.1 a fix has been released in 5.1.20. For ESG 5.2 a fix has been released in 5.2.31. For ESG 5.4 a fix has been released in 5.4.8. For ESG 5.5. a fix has been released in 5.5.7.

Affected Software

VendorProductVersion RangeStatus
LibraesvaEmail Security Gateway4.5 < 5.0.31affected
LibraesvaEmail Security Gateway5.1 < 5.1.20affected
LibraesvaEmail Security Gateway5.2 < 5.2.31affected
LibraesvaEmail Security Gateway5.3 < 5.4.8affected
LibraesvaEmail Security Gateway5.5 < 5.5.7affected

Weaknesses

  • CWE-77: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: total

Additional References

References