By Sead Fadilpašić
Copyright techradar
Skip to main content
Tech Radar Pro
Tech Radar Gaming
Close main menu
the business technology experts
België (Nederlands)
Deutschland
North America
US (English)
Australasia
New Zealand
View Profile
Search TechRadar
Expert Insights
Website builders
Web hosting
Best web hosting
Best office chairs
Best website builder
Best antivirus
Expert Insights
Don’t miss these
CISA flags some more serious Ivanti software flaws, so patch now
Ransomware hackers could be targeting GoAnywhere MFT once again – here’s what we know
Hackers are exploiting a critical RCE Flaw in a popular FTP server — here’s what you need to know
Citrix patches a trio of high-severity security bugs, so be on your guard
Cisco ISE maximum severity flaw lets hackers execute root code
Top file transfer tool CrushFTP says a thousand servers are still vulnerable to cyberattack, so patch now
Top CMS Sitecore patches critical zero-day flaw being hit by hackers
Trend Micro tells users to patch immediately to protect from Apex One zero-day
WinRAR has a serious security flaw – worrying zero-day issue lets hackers plant malware, so patch right away
US federal agency breached by hackers using GeoServer exploit, CISA says
CISA warns hackers are actively exploiting critical CitrixBleed 2
Microsoft releases urgent SharePoint security flaw patches – here’s what you need to know, and how to update
Microsoft urges users to be on alert following high-severity flaw in hybrid Exchange deployments
WatchGuard warns users Firebox firewalls may have a critical issue – here’s what we know
Hacker using backdoor to exploit SonicWall Secure Mobile Access to steal credentials
Libraseva urges users to patch now as it issues emergency fix following attacks
Sead Fadilpašić
24 September 2025
Flaw is being abused by state-sponsored actors
When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.
Image Credit: Pixabay
(Image credit: Geralt / Pixabay)
Libraesva patched CVE-2025-59689, a medium-severity remote command execution vulnerability
Attack exploited compressed email attachments; threat actor likely a hostile foreign state
Versions below 5.0 are unsupported and require manual upgrades to stay secure
Libraesva Email Security Gateway (ESG) has patched a medium-severity vulnerability apparently abused by state-sponsored threat actors to achieve remote command execution (RCE) capabilities on targeted endpoints.
In a security advisory, Libraesva announced addressing a command injection flaw which can be triggered by a malicious email with a specially crafted compressed attachment.
The flaw enabled the execution of arbitrary commands as a non-privileged user, due to improper sanitation during the removal of active code from files contained in some compressed archive formats.
You may like
CISA flags some more serious Ivanti software flaws, so patch now
Ransomware hackers could be targeting GoAnywhere MFT once again – here’s what we know
Hackers are exploiting a critical RCE Flaw in a popular FTP server — here’s what you need to know
“Hostile” attack
The vulnerability is tracked as CVE-2025-59689 and was given a severity score of 6.1/10 (medium).
All versions, from 4.5 onward, were said to be vulnerable. Libraesva released patches for ESG 5.0, 5.1, 5.2, 5.3, 5.4, and 5.5, while versions below 5.0 are no longer supported and need to be manually upgraded.
One attack has been documented so far, the advisory further reads, and the attackers are apparently “a foreign hostile state entity”.
“The single‑appliance focus underscores the precision of the threat actor (believed to be a foreign hostile state) and highlights the importance of rapid, comprehensive patch deployment,” the company stressed.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsorsBy submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.
Libraesva advertises ESG as an advanced email security solution designed to protect organizations from threats like phishing, spam, malware, and business email compromise.
It filters inbound, outbound, and internal email traffic using both gateway-level and API-layer defenses, offering protection for platforms like Microsoft 365 and Google Workspace.
According to BleepingComputer, the company has “thousands” of clients among small and medium-sized organizations, as well as enterprises. In total, more than 200,000 users were said to be using Libraesva ESG, with the platform being particularly popular among entities in education, finance, and government.
You might also like
What is a Secure Web Gateway?
Take a look at our guide to the best authenticator app
We’ve rounded up the best password managers
Sead Fadilpašić
Social Links Navigation
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
CISA flags some more serious Ivanti software flaws, so patch now
Ransomware hackers could be targeting GoAnywhere MFT once again – here’s what we know
Hackers are exploiting a critical RCE Flaw in a popular FTP server — here’s what you need to know
Citrix patches a trio of high-severity security bugs, so be on your guard
Cisco ISE maximum severity flaw lets hackers execute root code
Top file transfer tool CrushFTP says a thousand servers are still vulnerable to cyberattack, so patch now
Latest in Security
GitHub is finally tightening up security around npm following multiple attacks
Watch out – even small businesses are now facing threats from deepfake attacks
“It could be catastrophic to the city” – US Secret Service takes down massive million-dollar network of SIM cards it says was capable of taking down comms across New York
US federal agency breached by hackers using GeoServer exploit, CISA says
Top auto insurance firm leaked over 5 million records – here’s what we know
Insurance firm AIL allegedly hit in cyberattack – hackers claim info on over 150,000 users stolen, here’s what we know
Latest in News
New Stranger Things season 5 trailer teases one last quest for the Hawkins crew – and lots of unseen footage for the hit Netflix show’s final hurrah
Proton VPN’s no-logs policy holds up under scrutiny of fourth independent audit
Fears of the death of Intel Arc GPUs may be exaggerated – despite Nvidia deal, a powerful new graphics card is rumored
What is the release date for Peacemaker season 2 episode 6 on HBO Max and other streaming services?
Libraseva urges users to patch now as it issues emergency fix following attacks
Two annoying Windows 11 bugs have finally been fixed – and it only took Microsoft a year
LATEST ARTICLES
Top auto insurance firm leaked over 5 million records – here’s what we know
‘That element of the show really captured my mind’ – forget Xenomorphs, Alien: Earth’s cast say the real story is something even darker
US federal agency breached by hackers using GeoServer exploit, CISA says
New Stranger Things season 5 trailer teases one last quest for the Hawkins crew – and lots of unseen footage for the hit Netflix show’s final hurrah
GitHub is finally tightening up security around npm following multiple attacks
TechRadar is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site.
Contact Future’s experts
Terms and conditions
Privacy policy
Cookies policy
Advertise with us
Web notifications
Accessibility Statement
Future US, Inc. Full 7th Floor, 130 West 42nd Street,
Please login or signup to comment
Please wait…
