State-sponsored attackers have exploited a zero-day vulnerability, tracked as CVE-2025-59689, in the Libraesva Email Security Gateway (ESG). The vulnerability affects versions 4.5 through 5.5 and stems from improper sanitization of input parameters in certain compressed archive formats; by bypassing the application's sanitization logic, an attacker can execute arbitrary shell commands. Libraesva has issued fixes for the 5.x versions via automatic updates, while on-premise users running 4.x versions must manually upgrade to a supported version. The patch not only closes the vulnerability but also includes an automated scan for signs of compromise and a module that verifies patch integrity. The precision of the attack suggests involvement by a foreign hostile state, underlining the need for swift patch deployment. It remains unclear whether Libraesva discovered the breach independently or was informed by another party. Further updates will be provided as more information becomes available.