
"This occurs due to an improper sanitization during the removal of active code from files contained in some compressed archive formats," the company explains. The CVE is triggered with specific archive formats containing payloads that exploit an improper input sanitization bug to execute arbitrary shell commands. The security defect affects Libraesva ESG versions 4.5 through 5.5, but fixes were released only for ESG 5.x versions, as the 4.x versions have been discontinued.
Libraesva pushed the patches to both cloud and on-premise ESG deployments and says all appliances are now running a fixed software iteration. Customers running on-premise ESG 4.x versions are advised to manually update to a patched 5.x version as soon as possible, given that the vulnerability has been exploited.
"One confirmed incident of abuse has been identified. The threat actor is believed to be a foreign hostile state entity," Libraesva says. "The single-appliance focus underscores the precision of the threat actor (believed to be a foreign hostile state) and highlights the importance of rapid, comprehensive patch deployment," the company notes.
An input-sanitization command-injection flaw (CVE-2025-59689, CVSS 6.1) enables arbitrary shell command execution as a non-privileged user when processing crafted compressed email attachments. The defect occurs during removal of active code from files in specific compressed archive formats. Affected Libraesva ESG versions include 4.5 through 5.5; fixes were released for ESG 5.x only because 4.x has been discontinued. Patches were pushed to cloud and on-premise deployments and include IoC scanning plus a self-assessment module to verify patch integrity and hunt residual threats. One confirmed abuse incident, attributed to a suspected foreign hostile state, was identified.
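The summary above names the flaw class (input sanitization failing during archive handling, leading to shell command execution) but not the code path. The following is an added illustration of that class in general, not Libraesva's code and not a description of how CVE-2025-59689 is actually triggered: it assumes, purely for illustration, that an attacker-controlled attachment name reaches a shell command string, and shows the hardened alternatives (an allow-list check, argv-style execution with no shell, and `shlex.quote` as defence in depth where a shell string is unavoidable). The `SCAN_DIR` path and the `unzip` invocation are hypothetical.

```python
# Added illustration, not Libraesva code: the generic shape of an input-
# sanitization command-injection bug in attachment/archive handling, beside
# a hardened version. The concrete vector (an untrusted name interpolated
# into a shell string) is an assumption about the flaw class, not the real
# CVE-2025-59689 code path.
import re
import shlex
import subprocess
import sys

# Allow-list: the name must start with an alphanumeric, so it can never
# begin with "-" (option injection) or "." (".." and hidden files), and
# contains no path separators or shell metacharacters anywhere.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")

SCAN_DIR = "/tmp/scan"  # hypothetical quarantine/extraction directory


def build_command_unsafely(archive_name: str) -> str:
    """Anti-pattern: the untrusted name becomes part of a shell command line.
    Anything the shell treats as syntax in the name (';', '|', '$(' ...)
    would be interpreted, which is the class of bug the advisory describes.
    Returned as a string only; nothing here executes it."""
    return f"unzip -o {archive_name} -d {SCAN_DIR}"


def validate_attachment_name(name: str) -> str:
    """Reject anything outside the allow-list before it reaches any tool."""
    if not SAFE_NAME.fullmatch(name):
        raise ValueError(f"rejected attachment name: {name!r}")
    return name


def hardened_argv(archive_name: str) -> list:
    """Build an argv list from a validated name. With no shell involved,
    each element reaches the program as one argument, never parsed."""
    return ["unzip", "-o", validate_attachment_name(archive_name), "-d", SCAN_DIR]


def quoted_for_shell(archive_name: str) -> str:
    """Defence in depth if a shell string is unavoidable: quote the value so
    the shell sees a single literal word. Validation should still run first;
    it is omitted here only to show the quoting effect on a hostile name."""
    return f"unzip -o {shlex.quote(archive_name)} -d {SCAN_DIR}"


def echo_argv_literally(value: str) -> str:
    """Show that argv execution passes the value through untouched: a child
    Python process prints argv[1] exactly as received. Stands in for the
    real archive tool so the demonstration runs offline."""
    result = subprocess.run(
        [sys.executable, "-c", "import sys; print(sys.argv[1], end='')", value],
        capture_output=True, text=True, check=True,
    )
    return result.stdout


if __name__ == "__main__":
    crafted = "report.zip; id"  # constructed sample of a hostile name
    print("unsafe :", build_command_unsafely(crafted))
    print("quoted :", quoted_for_shell(crafted))
    print("literal:", echo_argv_literally(crafted))
    try:
        hardened_argv(crafted)
    except ValueError as exc:
        print("blocked:", exc)
    print("ok     :", hardened_argv("report.zip"))
```

The detection angle for a defender follows from the same pattern: the hardened path rejects the name before any process is spawned, so a rejected-name log line at that point is a cheap, high-signal event to forward to the SIEM.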
Read at SecurityWeek