Latest News

2 minute read

State-Sponsored Hackers Exploiting Libraesva Email Security Gateway Vulnerability

info@thehackernews.com (The Hacker News)

September 24, 2025

Libraesva has released a security update to address a vulnerability in its Email Security Gateway (ESG) solution that it said has been exploited by state-sponsored threat actors. The vulnerability, tracked as CVE-2025-59689, carries a CVSS score of 6.1, indicating medium severity. “Libraesva ESG is affected by a command injection flaw that can be triggered by a malicious email containing a

Libraesva Email Security Gateway Vulnerability

Libraesva has released a security update to address a vulnerability in its Email Security Gateway (ESG) solution that it said has been exploited by state-sponsored threat actors.

The vulnerability, tracked as CVE-2025-59689, carries a CVSS score of 6.1, indicating medium severity.

“Libraesva ESG is affected by a command injection flaw that can be triggered by a malicious email containing a specially crafted compressed attachment, allowing potential execution of arbitrary commands as a non-privileged user,” Libraesva said in an advisory.

“This occurs due to an improper sanitization during the removal of active code from files contained in some compressed archive formats.”

In a hypothetical attack scenario, an attacker could exploit the flaw by sending an email containing a specially crafted compressed archive, allowing a threat actor to leverage the application’s improper sanitization logic to ultimately execute arbitrary shell commands.

The shortcoming affects Libraesva ESG versions 4.5 through 5.5.x before 5.5.7, with fixes released in 5.0.31, 5.1.20, 5.2.31, 5.3.16, 5.4.8, and 5.5.7. Libraesva noted in the alert that versions below 5.0 have reached end-of-support and must be manually upgraded to a supported release.

The Italian email security company also acknowledged that it has identified one confirmed incident of abuse, and that the threat actor is “believed to be a foreign hostile state entity.” It did not share any further details on the nature of the activity, or who may be behind it.

“The single‑appliance focus underscores the precision of the threat actor (believed to be a foreign hostile state) and highlights the importance of rapid, comprehensive patch deployment,” Libraesva said, adding it deployed a fix within 17 hours of flagging the abuse.

In light of active exploitation, it’s essential that users of the ESG software update their instances to the latest version as soon as possible to mitigate potential threats.

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

The Hacker News

Latest News

South Korea probes credit card company data breach affecting 3 million customers

September 23, 2025

Latest News

Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials

September 24, 2025

2 min

Latest News

U.S. Prosecutors Indict Cybersecurity Insiders Accused of BlackCat Ransomware Attacks

Federal prosecutors in the U.S. have accused a trio of allegedly hacking the networks of five U.S. companies with BlackCat (aka ALPHV) ransomware between May and November 2023 and extorting them. Ryan Clifford Goldberg, Kevin Tyler Martin, and an unnamed co–conspirator (aka "Co-Conspirator 1") based in Florida, all U.S. nationals, are said to have used the ransomware strain against a medical

info@thehackernews.com (The Hacker News)

November 4, 2025

6 min

Latest News

Product Walkthrough: How Passwork 7 Addresses Complexity of Enterprise Security

Passwork is positioned as an on-premises unified platform for both password and secrets management, aiming to address the increasing complexity of credential storage and sharing in modern organizations. The platform recently received a major update that reworks all the core mechanics. Passwork 7 introduces significant changes to how credentials are organized, accessed, and managed, reflecting

info@thehackernews.com (The Hacker News)

October 3, 2025

2 min

Latest News

Fortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public Disclosure

Cybersecurity company watchTowr Labs has disclosed that it has "credible evidence" of active exploitation of the recently disclosed security flaw in Fortra GoAnywhere Managed File Transfer (MFT) software as early as September 10, 2025, a whole week before it was publicly disclosed. "This is not 'just' a CVSS 10.0 flaw in a solution long favored by APT groups and ransomware operators – it is a

info@thehackernews.com (The Hacker News)

September 26, 2025

Hand-Picked Top-Read Stories

ThreatsDay Bulletin: Stealth Loaders, AI Chatbot Flaws AI Exploits, Docker Hack, and 15 More Stories

LastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts, TRM Labs Finds

Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability

Trending Tags

State-Sponsored Hackers Exploiting Libraesva Email Security Gateway Vulnerability

Previous Post

South Korea probes credit card company data breach affecting 3 million customers

Next Post

Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials

ThreatsDay Bulletin: Stealth Loaders, AI Chatbot Flaws AI Exploits, Docker Hack, and 15 More Stories

LastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts, TRM Labs Finds

Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability

CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution

New MacSync macOS Stealer Uses Signed App to Bypass Apple Gatekeeper

State-Sponsored Hackers Exploiting Libraesva Email Security Gateway Vulnerability

Previous Post

Next Post

Related Posts