What is CVE-2025-59689?

A command injection vulnerability exists in Libraesva Email Security Gateway versions 4.5 through 5.5.x prior to 5.5.7. Organizations must prioritize patching to prevent potential exploitation via malformed email attachments.

What is the severity of CVE-2025-59689?

CVE-2025-59689 has a severity rating of MEDIUM with a CVSS base score of 6.1.

Is CVE-2025-59689 in CISA KEV?

Yes. CVE-2025-59689 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Organizations should prioritize remediation.

CVE-2025-59689 | Medium Vulnerability in Libraesva Email Security Gateway

Libraesva Email Security Gateway (ESG) versions 4.5 through 5.5.x before 5.5.7 contain a command injection vulnerability that allows attackers to execute commands through compressed email attachments. This vulnerability could potentially expose sensitive information or allow unauthorized control of the affected system. The CVSS score of 6.1 indicates a medium severity level, necessitating prompt attention from organizations utilizing the affected software.

As this vulnerability allows for command injection, the risk to organizations includes unauthorized access to system resources and potential data breaches. The attack vector is categorized as network-based, indicating that remote exploitation is possible. User interaction is required, which adds a layer of complexity to the attack. Organizations should be aware of the publication date of this vulnerability, September 19, 2025, and the urgency surrounding its remediation.

Patching guidance has been provided for various versions of Libraesva ESG. Fixes have been released for versions 5.0 (5.0.31), 5.1 (5.1.20), 5.2 (5.2.31), 5.4 (5.4.8), and 5.5 (5.5.7). Organizations using any vulnerable versions should prioritize updating to the latest releases to mitigate the risk associated with this vulnerability.

Currently, no public exploits have been confirmed, but organizations should remain vigilant and monitor for any emerging threats related to this vulnerability. The importance of patching cannot be overstated, as attackers may actively seek to exploit unpatched systems.

To further enhance security, organizations are encouraged to implement additional security measures and monitoring protocols, particularly for email communications, which are often targeted vectors for malicious activities.

Vulnerability Details

The command injection vulnerability in Libraesva ESG is classified as CWE-77. It allows attackers to execute arbitrary commands on the system by leveraging a crafted compressed email attachment. The affected versions include all releases from 4.5 up to but not including 5.5.7.

The CVSS score of 6.1 reflects the medium severity of this vulnerability, highlighting the potential impacts on confidentiality and integrity, albeit with no availability impact. Organizations should also note that user interaction is required for the exploitation of this vulnerability.

Technical Analysis

The root cause of this vulnerability is the insufficient validation of user-supplied input, particularly in the handling of compressed email attachments. Attackers may exploit this weakness by crafting a malicious attachment that, when processed by the ESG, can lead to command execution.

The attack vector is network-based, meaning attackers can target systems remotely without needing physical access. The complexity of the attack is rated as low, with no privileges required for execution, but it necessitates user interaction to open the malicious email attachment.

The impact on confidentiality and integrity is categorized as low, indicating that while sensitive information could be exposed, the immediate effects may not be catastrophic if the vulnerability is exploited. However, the potential for unauthorized access remains a significant concern.

Risk & Impact Analysis

Organizations employing Libraesva ESG face real-world risks associated with this command injection vulnerability. The potential for unauthorized command execution poses a significant threat, especially in environments where email serves as a critical communication tool. The blast radius could extend to sensitive data exposure and potential breaches, affecting both organizational reputation and compliance with data protection regulations.

Given the CVSS score of 6.1, organizations should assess the urgency of addressing this vulnerability based on their operational context and the criticality of the affected systems. This vulnerability is included in the Known Exploited Vulnerabilities (KEV) catalog, indicating that it is actively monitored for exploitation. Organizations should prioritize patching immediately to mitigate risks.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	Yes
Ransomware Use	No

Affected Versions

The vulnerability affects Libraesva Email Security Gateway versions 4.5 through 5.5.x prior to 5.5.7. Specifically, the following versions are vulnerable: 4.5 to 5.0.30, 5.1.0 to 5.1.19, 5.2.0 to 5.2.30, 5.3.0 to 5.3.15, 5.4.0 to 5.4.7, and 5.5.0 to 5.5.6.

Mitigation & Remediation

Organizations should apply patches or upgrades provided by Libraesva to remediate this vulnerability. For ESG 5.0, the fix is in version 5.0.31; for 5.1, it is in 5.1.20; for 5.2, it is in 5.2.31; for 5.4, it is in 5.4.8; and for 5.5, it is in 5.5.7.

If a patch is unavailable, organizations should consider implementing additional security measures such as email filtering and monitoring to detect suspicious attachments. Regular security assessments and penetration testing can also help identify any vulnerabilities in the environment.

For further guidance on patching and security best practices, organizations can refer to the penetration testing services offered by AppSecure.

Detection Guidance

Organizations should monitor logs for unusual activity related to email attachments. Key indicators include unexpected command executions, suspicious file types in email attachments, and patterns of user interactions with email content. Behavioral anomalies should be flagged for further investigation.

AppSecure Threat Intelligence Insight

The command injection vulnerability in Libraesva ESG exemplifies the critical need for robust email security measures. As organizations increasingly rely on digital communications, attackers continually seek to exploit weaknesses in email systems. This vulnerability also highlights the importance of timely patch management and proactive security measures.

Organizations should implement a comprehensive vulnerability management program to ensure ongoing awareness and remediation of security issues.

Regular training and awareness programs can help employees recognize potential threats, further strengthening the organization's defense posture against email-based attacks.

For insights on best practices in penetration testing, organizations should refer to the penetration testing methodology guide offered by AppSecure.

In conclusion, the Libraesva ESG command injection vulnerability underscores the importance of maintaining a strong security posture through regular updates, employee training, and effective monitoring strategies.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-59689: Medium Vulnerability in Libraesva Email Security Gateway