Overview
- Tracked as CVE-2025-59689 (CVSS 6.1), the bug allows command execution via a malicious email carrying a specially crafted compressed attachment.
- The issue affects ESG versions 4.5 through 5.5.x prior to the fixed releases, which shipped as 5.0.31, 5.1.20, 5.2.31, 5.3.16, 5.4.8, and 5.5.7.
- An emergency update was issued roughly 17 hours after abuse was identified and was automatically deployed to cloud and on-premises 5.x appliances.
- The patches include a sanitization fix, automated scanning for indicators of compromise, and a self-assessment module to verify that remediation succeeded.
- Libraesva confirmed at least one in-the-wild incident by a threat actor believed to be a foreign hostile state and warned that 4.x users must upgrade manually, noting that the platform protects thousands of organizations serving over 200,000 users.