CVE-2025-59689NVD

Vulnerability Summary

Libraesva ESG 4.5 through 5.5.x before 5.5.7 allows command injection via a compressed e-mail attachment. For ESG 5.0 a fix has been released in 5.0.31. For ESG 5.1 a fix has been released in 5.1.20. For ESG 5.2 a fix has been released in 5.2.31. For ESG 5.4 a fix has been released in 5.4.8. For ESG 5.5. a fix has been released in 5.5.7.

Severity Level

MEDIUM(6.1)

Published Date

Sep 19, 2025

Last Modified

Oct 21, 2025

Exploitation Status

ACTIVE

Root Weakness (CWE)

N/A

EPSS Score (30-Day)

Data Pending

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionRequired

ScopeChanged

ConfidentialityLow

IntegrityLow

AvailabilityNone

External References

https://www.libraesva.com/security-blog/
https://docs.libraesva.com/knowledgebase/security-advisory-command-injection-vulnerability-cve-2025-59689/