CVE-2025-59689_CVE-2025-59689

6.1 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Description

Libraesva ESG 4.5 through 5.5.x before 5.5.7 allows command injection via a compressed e-mail attachment. For ESG 5.0 a fix has been released in 5.0.31. For ESG 5.1 a fix has been released in 5.1.20. For ESG 5.2 a fix has been released in 5.2.31. For ESG 5.4 a fix has been released in 5.4.8. For ESG 5.5. a fix has been released in 5.5.7.

Basic Information

ID CVE-2025-59689

Source mitre

Published Sep 19, 2025 at 00:00

Modified Sep 19, 2025 at 20:17

Affected Product

Vendor Libraesva

Product Email Security Gateway

Version 4.5

Affected Versions Libraesva Email Security Gateway 4.5
Libraesva Email Security Gateway 5.1
Libraesva Email Security Gateway 5.2
Libraesva Email Security Gateway 5.3
Libraesva Email Security Gateway 5.5

CWE Classification

CWE-77

References

{
    "lastseen": "",
    "description": "Libraesva ESG 4.5 through 5.5.x before 5.5.7 allows command injection via a compressed e-mail attachment. For ESG 5.0 a fix has been released in 5.0.31. For ESG 5.1 a fix has been released in 5.1.20. For ESG 5.2 a fix has been released in 5.2.31. For ESG 5.4 a fix has been released in 5.4.8. For ESG 5.5. a fix has been released in 5.5.7.",
    "published": "2025-09-19T00:00:00.000Z",
    "modified": "2025-09-19T20:17:52.557Z",
    "type": "cve",
    "title": "CVE-2025-59689",
    "source": "mitre",
    "references": "https://www.libraesva.com/security-blog/\nhttps://docs.libraesva.com/knowledgebase/security-advisory-command-injection-vulnerability-cve-2025-59689/",
    "id": "CVE-2025-59689",
    "bulletinFamily": "",
    "cwe": [
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "Libraesva Email Security Gateway 4.5\nLibraesva Email Security Gateway 5.1\nLibraesva Email Security Gateway 5.2\nLibraesva Email Security Gateway 5.3\nLibraesva Email Security Gateway 5.5",
    "sourceHref": "",
    "cvss": {
        "score": 6.1,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Email Security Gateway",
    "version": "4.5",
    "vendor": "Libraesva",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}