CVE-2025-59689

KEV
Published: Sep 19, 2025 Last Modified: Nov 05, 2025
MEDIUM 6.1
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: changed
Confidentiality: low
Integrity: low
Availability: none

Description

Libraesva ESG 4.5 through 5.5.x before 5.5.7 allows command injection via a compressed e-mail attachment. For ESG 5.0 a fix has been released in 5.0.31. For ESG 5.1 a fix has been released in 5.1.20. For ESG 5.2 a fix has been released in 5.2.31. For ESG 5.4 a fix has been released in 5.4.8. For ESG 5.5 a fix has been released in 5.5.7.

EPSS (Exploit Prediction Scoring System)

Predicts the probability of exploitation based on threat intelligence and vulnerability characteristics.

EPSS Score
0.1136
Percentile
0.9th

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

Draft
Common Consequences
Security Scopes Affected:
Integrity Confidentiality Availability
Potential Impacts:
Execute Unauthorized Code Or Commands
Applicable Platforms
Technologies: AI/ML
Application

Email Security Gateway by Libraesva

Version Range Affected
From 5.2.0 (inclusive)
To 5.2.31 (exclusive)
cpe:2.3:a:libraesva:email_security_gateway:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Email Security Gateway by Libraesva

Version Range Affected
From 5.5.0 (inclusive)
To 5.5.7 (exclusive)
cpe:2.3:a:libraesva:email_security_gateway:*:*:*:*:*:*:*:*
Application

Email Security Gateway by Libraesva

Version Range Affected
From 5.1.0 (inclusive)
To 5.1.20 (exclusive)
cpe:2.3:a:libraesva:email_security_gateway:*:*:*:*:*:*:*:*
Application

Email Security Gateway by Libraesva

Version Range Affected
From 5.4.0 (inclusive)
To 5.4.8 (exclusive)
cpe:2.3:a:libraesva:email_security_gateway:*:*:*:*:*:*:*:*
Application

Email Security Gateway by Libraesva

Version Range Affected
From 4.5 (inclusive)
To 5.0.31 (exclusive)
cpe:2.3:a:libraesva:email_security_gateway:*:*:*:*:*:*:*:*
Application

Email Security Gateway by Libraesva

Version Range Affected
From 5.3.0 (inclusive)
To 5.3.16 (exclusive)
cpe:2.3:a:libraesva:email_security_gateway:*:*:*:*:*:*:*:*
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025…
https://docs.libraesva.com/knowledgebase/security-advisory-command-injection-vu…
https://www.libraesva.com/security-blog/