{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T07:05:38.717","vulnerabilities":[{"cve":{"id":"CVE-2025-59689","sourceIdentifier":"cve@mitre.org","published":"2025-09-19T20:15:40.340","lastModified":"2025-11-05T19:25:35.093","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Libraesva ESG 4.5 through 5.5.x before 5.5.7 allows command injection via a compressed e-mail attachment. For ESG 5.0 a fix has been released in 5.0.31. For ESG 5.1 a fix has been released in 5.1.20. For ESG 5.2 a fix has been released in 5.2.31. For ESG 5.4 a fix has been released in 5.4.8. For ESG 5.5. a fix has been released in 5.5.7."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"cisaExploitAdd":"2025-09-29","cisaActionDue":"2025-10-20","cisaRequiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","cisaVulnerabilityName":"Libraesva Email Security Gateway Command Injection Vulnerability","weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libraesva:email_security_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"4.5","versionEndExcluding":"5.0.31","matchCriteriaId":"C7388039-AE70-47F1-A389-EF05FCB34E61"},{"vulnerable":true,"criteria":"cpe:2.3:a:libraesva:email_security_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1.0","versionEndExcluding":"5.1.20","matchCriteriaId":"A280A808-E1F6-4B0A-B44F-47E5C9152B36"},{"vulnerable":true,"criteria":"cpe:2.3:a:libraesva:email_security_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"5.2.0","versionEndExcluding":"5.2.31","matchCriteriaId":"62A71B25-7262-43CC-94E8-C92CC5932D86"},{"vulnerable":true,"criteria":"cpe:2.3:a:libraesva:email_security_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3.0","versionEndExcluding":"5.3.16","matchCriteriaId":"EDC45835-D39B-47A1-BE61-42CD7ACD6988"},{"vulnerable":true,"criteria":"cpe:2.3:a:libraesva:email_security_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.0","versionEndExcluding":"5.4.8","matchCriteriaId":"C2D53E14-0C5F-4DE0-8785-F59A85107D9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:libraesva:email_security_gateway:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5.0","versionEndExcluding":"5.5.7","matchCriteriaId":"7CF82183-A726-4FEE-95FA-4062C5F7FEEB"}]}]}],"references":[{"url":"https://docs.libraesva.com/knowledgebase/security-advisory-command-injection-vulnerability-cve-2025-59689/","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://www.libraesva.com/security-blog/","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-59689","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}}]}