Subj : Libraseva urges users to patch now as it issues emergency fix fol
To   : All
From : TechnologyDaily
Date : Wed Sep 24 2025 16:30:08

Libraseva urges users to patch now as it issues emergency fix following 
attacks

Date:
Wed, 24 Sep 2025 15:23:00 +0000

Description:
A fix was released for multiple versions of the Libraseva tool.

FULL STORY
======================================================================Libraesv
a patched CVE-2025-59689, a medium-severity remote command execution 
vulnerability Attack exploited compressed email attachments; threat actor 
likely a hostile foreign state Versions below 5.0 are unsupported and require 
manual upgrades to stay secure 

Libraesva Email Security Gateway (ESG) has patched a medium-severity 
vulnerability apparently abused by state-sponsored threat actors to achieve 
remote command execution (RCE) capabilities on targeted endpoints . 

In a security advisory, Libraesva announced addressing a command injection 
flaw which can be triggered by a malicious email with a specially crafted 
compressed attachment. 

The flaw enabled the execution of arbitrary commands as a non-privileged 
user, due to improper sanitation during the removal of active code from files 
contained in some compressed archive formats. "Hostile" attack 

The vulnerability is tracked as CVE-2025-59689 and was given a severity score 
of 6.1/10 (medium). 

All versions, from 4.5 onward, were said to be vulnerable. Libraesva released 
patches for ESG 5.0, 5.1, 5.2, 5.3, 5.4, and 5.5, while versions below 5.0 
are no longer supported and need to be manually upgraded. 

One attack has been documented so far, the advisory further reads, and the 
attackers are apparently a foreign hostile state entity. 

The singleappliance focus underscores the precision of the threat actor 
(believed to be a foreign hostile state) and highlights the importance of 
rapid, comprehensive patch deployment, the company stressed. 

Libraesva advertises ESG as an advanced email security solution designed to 
protect organizations from threats like phishing, spam, malware, and business 
email compromise. 

It filters inbound, outbound, and internal email traffic using both 
gateway-level and API-layer defenses, offering protection for platforms like 
Microsoft 365 and Google Workspace. 

According to BleepingComputer , the company has thousands of clients among 
small and medium-sized organizations, as well as enterprises. In total, more 
than 200,000 users were said to be using Libraesva ESG, with the platform 
being particularly popular among entities in education, finance, and 
government. You might also like What is a Secure Web Gateway? Take a look at 
our guide to the best authenticator app We've rounded up the best password 
managers



======================================================================
Link to news story:
https://www.techradar.com/pro/security/libraseva-urges-users-to-patch-now-as-i
t-issues-emergency-fix-following-attacks


--- Mystic BBS v1.12 A49 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.