6.1
CVE-2025-59689
- EPSS 6.01%
- Veröffentlicht 19.09.2025 00:00:00
- Zuletzt bearbeitet 05.11.2025 19:25:35
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginLibraesva ESG 4.5 through 5.5.x before 5.5.7 allows command injection via a compressed e-mail attachment. For ESG 5.0 a fix has been released in 5.0.31. For ESG 5.1 a fix has been released in 5.1.20. For ESG 5.2 a fix has been released in 5.2.31. For ESG 5.4 a fix has been released in 5.4.8. For ESG 5.5. a fix has been released in 5.5.7.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Libraesva ≫ Email Security Gateway Version >= 4.5 < 5.0.31
Libraesva ≫ Email Security Gateway Version >= 5.1.0 < 5.1.20
Libraesva ≫ Email Security Gateway Version >= 5.2.0 < 5.2.31
Libraesva ≫ Email Security Gateway Version >= 5.3.0 < 5.3.16
Libraesva ≫ Email Security Gateway Version >= 5.4.0 < 5.4.8
Libraesva ≫ Email Security Gateway Version >= 5.5.0 < 5.5.7
29.09.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog
Libraesva Email Security Gateway Command Injection Vulnerability
SchwachstelleLibraesva Email Security Gateway (ESG) contains a command injection vulnerability which allows command injection via a compressed e-mail attachment.
BeschreibungApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 6.01% | 0.906 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cve@mitre.org | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.