State-sponsored hackers have exploited a vulnerability in the Libraesva Email Security Gateway through malicious email attachments. The vulnerability is a command injection flaw, tracked as CVE-2025-59689, that allows attackers to execute arbitrary commands on a system.
The Libraesva Email Security Gateway is an email protection solution developed by the Italian cybersecurity company Libraesva. It is designed to protect organizations from various email threats, including spam, malware, and advanced persistent threats.
According to the company’s advisory, an attacker can trigger the vulnerability by sending a malicious email with a specially crafted compressed attachment. The flaw is due to improper sanitization of code in certain compressed archives. A crafted archive manipulates the application’s sanitization logic and bypasses it, which lets the attacker execute shell commands as a non-privileged user.
Libraesva has identified at least one incident involving this vulnerability and believes the attack was carried out by a "foreign hostile state entity." The vulnerability affects Libraesva ESG versions 4.5 up to 5.5, but a patch was released only for versions 5.x because versions 4.x are no longer supported.
The company stressed the importance of rapid and comprehensive patch deployment to protect against such precise attacks.