CVE-2025-59689
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Libraesva ESG 4.5 through 5.5.x before 5.5.7 allows command injection via a compressed e-mail attachment. For ESG 5.0 a fix has been released in 5.0.31. For ESG 5.1 a fix has been released in 5.1.20. For ESG 5.2 a fix has been released in 5.2.31. For ESG 5.4 a fix has been released in 5.4.8. For ESG 5.5. a fix has been released in 5.5.7.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Libraesva | Email Security Gateway | 4.5 < 5.0.31 | affected |
| Libraesva | Email Security Gateway | 5.1 < 5.1.20 | affected |
| Libraesva | Email Security Gateway | 5.2 < 5.2.31 | affected |
| Libraesva | Email Security Gateway | 5.3 < 5.4.8 | affected |
| Libraesva | Email Security Gateway | 5.5 < 5.5.7 | affected |
Weaknesses
- CWE-77: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: no
- Technical Impact: total
Additional References
References
- https://www.libraesva.com/security-blog/
- https://docs.libraesva.com/knowledgebase/security-advisory-command-injection-vulnerability-cve-2025-59689/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.