Suspected state-sponsored attackers have exploited a zero-day vulnerability (CVE-2025-59689) in the Libraesva Email Security Gateway (ESG), the Italian email security company has confirmed.

About CVE-2025-59689

CVE-2025-59689 is a command injection vulnerability caused by improper sanitization when removing active code from files inside certain compressed archive formats. It can be triggered by emails containing a specially crafted compressed attachment.

“Within the archive, the payload files are constructed to manipulate the application’s sanitization logic, exploiting an improper …
The post Libraesva ESG zero-day vulnerability exploited by attackers (CVE-2025-59689) appeared first on Help Net Security.
This article has been indexed from Help Net Security