Libraesva has released a security update to address a vulnerability in its Email Security Gateway (ESG) solution that it said has been exploited by state-sponsored threat actors.
The vulnerability, tracked as CVE-2025-59689, carries a CVSS score of 6.1, indicating medium severity.
“Libraesva ESG is affected by a command injection flaw that can be triggered by a malicious email containing a