CVE-2025-59689 is a command injection vulnerability classified under CWE-77 affecting Libraesva Email Security Gateway (ESG) versions 4.5 through 5.5.x prior to 5.5.7. The vulnerability stems from improper neutralization of special elements in compressed email attachments, which allows an attacker to craft a malicious compressed file that, when processed by the ESG, leads to arbitrary command execution on the underlying system. This flaw can be exploited remotely without authentication but requires user interaction, specifically the processing or opening of a malicious compressed attachment. The vulnerability impacts multiple versions of the product, with fixes released in versions 5.0.31, 5.1.20, 5.2.31, 5.4.8, and 5.5.7. The CVSS v3.1 base score is 6.1, reflecting medium severity, with attack vector network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), scope changed (S:C), and partial impact on confidentiality and integrity (C:L/I:L) but no impact on availability (A:N). No public exploits have been reported yet, but the vulnerability poses a significant risk due to the nature of email gateways as critical security infrastructure. Successful exploitation could allow attackers to execute arbitrary commands, potentially leading to data leakage, manipulation, or further compromise within the network.

The vulnerability could allow remote attackers to execute arbitrary commands on affected Libraesva ESG systems by sending specially crafted compressed email attachments. This can lead to unauthorized disclosure of sensitive email content (confidentiality impact) and unauthorized modification of system or email data (integrity impact). Although availability is not directly affected, the compromise of an email gateway can disrupt email security operations and trust. Organizations relying on Libraesva ESG for email filtering and protection could face increased risk of targeted attacks, data breaches, and lateral movement within their networks. The requirement for user interaction limits automated exploitation but does not eliminate risk, especially in environments with high email traffic and users prone to opening attachments. The scope change indicates that the vulnerability could affect components beyond the initial vulnerable process, potentially broadening the impact. Given the central role of email gateways in organizational security, exploitation could facilitate phishing, malware delivery, or espionage campaigns.

Organizations should immediately verify their Libraesva ESG version and apply the appropriate patches: 5.0.31 for ESG 5.0, 5.1.20 for ESG 5.1, 5.2.31 for ESG 5.2, 5.4.8 for ESG 5.4, and 5.5.7 for ESG 5.5. For versions 4.5 and others not explicitly patched, upgrade to a supported and patched version is strongly recommended. Additionally, implement strict email attachment filtering policies to block or quarantine compressed attachments from untrusted sources. Employ sandboxing or detonation chambers to analyze attachments before delivery to end users. Enhance user awareness training to reduce the risk of opening suspicious attachments. Monitor ESG logs and network traffic for unusual command execution patterns or anomalies. Restrict ESG administrative access and isolate the gateway within a segmented network zone to limit lateral movement if compromised. Regularly audit and update security configurations to minimize attack surface.