Libraesva ESG 4.5 < 5.0.31 / 5.1.20 / 5.2.31 / 5.3.16 / 5.4.8 / 5.5.7 Command Injection (CVE-2025-59689)

The version of Libraesva ESG installed on the remote host is affected by a command injection flaw as referenced in the CVE-2025-59689 advisory. The vulnerability is triggered by an improper sanitization mechanism when removing active code from specific compressed archive formats. An attacker can...

Libraesva Email Security Gateway (ESG) Web UI Detection

Binary data libraesvaemailsecuritygatewaydetect.nbin...

CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2021-21311link is external Adminer Server-Side Request Forgery Vulnerability CVE-2025-20352link is external Cisco IOS and IOS XE Software SNMP Denial of Servic...

Libraesva Email Security Gateway Command Injection Vulnerability

Libraesva Email Security Gateway ESG contains a command injection vulnerability which allows command injection via a compressed e-mail attachment...

State-Sponsored Hackers Exploiting Libraesva Email Security Gateway Vulnerability

Libraesva has released a security update to address a vulnerability in its Email Security Gateway ESG solution that it said has been exploited by state-sponsored threat actors. The vulnerability, tracked as CVE-2025-59689 , carries a CVSS score of 6.1, indicating medium severity. "Libraesva ESG i...

VulnCheck KEV: CVE-2025-59689

Libraesva ESG 4.5 through 5.5.x before 5.5.7 allows command injection via a compressed e-mail attachment. For ESG 5.0 a fix has been released in 5.0.31. For ESG 5.1 a fix has been released in 5.1.20. For ESG 5.2 a fix has been released in 5.2.31. For ESG 5.4 a fix has been released in 5.4.8. For...

CVE-2025-59689

Libraesva ESG 4.5 through 5.5.x before 5.5.7 allows command injection via a compressed e-mail attachment. For ESG 5.0 a fix has been released in 5.0.31. For ESG 5.1 a fix has been released in 5.1.20. For ESG 5.2 a fix has been released in 5.2.31. For ESG 5.4 a fix has been released in 5.4.8. For...

Libraesva Email Security Gateway 安全漏洞

Libraesva Email Security Gateway is an email security gateway from Libraesva Italy. A security vulnerability exists in Libraesva Email Security Gateway versions prior to 4.5 to 5.5.7, which stems from improper handling of compressed email attachments and can lead to command injection attacks...

CVE-2025-59689

Libraesva ESG 4.5 through 5.5.x before 5.5.7 allows command injection via a compressed e-mail attachment. For ESG 5.0 a fix has been released in 5.0.31. For ESG 5.1 a fix has been released in 5.1.20. For ESG 5.2 a fix has been released in 5.2.31. For ESG 5.4 a fix has been released in 5.4.8. For...

CVE-2025-59689

Libraesva ESG 4.5 through 5.5.x before 5.5.7 allows command injection via a compressed e-mail attachment. For ESG 5.0 a fix has been released in 5.0.31. For ESG 5.1 a fix has been released in 5.1.20. For ESG 5.2 a fix has been released in 5.2.31. For ESG 5.4 a fix has been released in 5.4.8. For...

CVE-2025-59689

Libraesva ESG is affected by CVE-2025-59689. The vulnerability allows command injection via a specially crafted compressed email attachment, impacting ESG 4.5 through 5.5.x prior to fixed versions. Affected fixes are: ESG 5.0.31, ESG 5.1.20, ESG 5.2.31, ESG 5.4.8, and ESG 5.5.7 (with older 4.5–5....

EUVD-2025-30249

Libraesva ESG 4.5 through 5.5.x before 5.5.7 allows command injection via a compressed e-mail attachment. For ESG 5.0 a fix has been released in 5.0.31. For ESG 5.1 a fix has been released in 5.1.20. For ESG 5.2 a fix has been released in 5.2.31. For ESG 5.4 a fix has been released in 5.4.8. For...

PT-2025-38625

Name of the Vulnerable Software and Affected Versions Libraesva Email Security Gateway versions 4.5 through 5.5.x before 5.5.7 Libraesva Email Security Gateway version 5.0 through 5.0.31 Libraesva Email Security Gateway version 5.1 through 5.1.20 Libraesva Email Security Gateway version 5.2 throu...

EMail Security Virtual Appliance Detection

EMail Security Virtual Appliance, an email filtering and security application, is installed on the remote host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid61995; scriptversion"1.4"; scriptcvsdate"Date: 2019/11/25"; scriptnameenglish:"EMail Security Virtual...