Vulnerability Description
Libraesva ESG 4.5 through 5.5.x before 5.5.7 allows command injection via a compressed e-mail attachment. For ESG 5.0 a fix has been released in 5.0.31. For ESG 5.1 a fix has been released in 5.1.20. For ESG 5.2 a fix has been released in 5.2.31. For ESG 5.4 a fix has been released in 5.4.8. For ESG 5.5. a fix has been released in 5.5.7.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Libraesva | Email Security Gateway | >= 4.5, < 5.0.31 |
Related Weaknesses (CWE)
References
- https://docs.libraesva.com/knowledgebase/security-advisory-command-injection-vulVendor Advisory
- https://www.libraesva.com/security-blog/Vendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-US Government Resource
FAQ
What is CVE-2025-59689?
CVE-2025-59689 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Libraesva ESG 4.5 through 5.5.x before 5.5.7 allows command injection via a compressed e-mail attachment. For ESG 5.0 a fix has been released in 5.0.31. For ESG 5.1 a fix has been released in 5.1.20. ...
How severe is CVE-2025-59689?
CVE-2025-59689 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-59689?
Check the references section above for vendor advisories and patch information. Affected products include: Libraesva Email Security Gateway.