{"id":"CVE-2025-59689","details":"Libraesva ESG 4.5 through 5.5.x before 5.5.7 allows command injection via a compressed e-mail attachment. For ESG 5.0 a fix has been released in 5.0.31. For ESG 5.1 a fix has been released in 5.1.20. For ESG 5.2 a fix has been released in 5.2.31. For ESG 5.3 a fix has been released in 5.3.16. For ESG 5.4 a fix has been released in 5.4.8. For ESG 5.5 a fix has been released in 5.5.7.","modified":"2026-03-14T12:44:10.965376Z","published":"2025-09-19T20:15:40.340Z","references":[{"type":"WEB","url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-59689"},{"type":"ADVISORY","url":"https://docs.libraesva.com/knowledgebase/security-advisory-command-injection-vulnerability-cve-2025-59689/"},{"type":"ADVISORY","url":"https://www.libraesva.com/security-blog/"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"4.5"},{"fixed":"5.0.31"}]},{"events":[{"introduced":"5.1.0"},{"fixed":"5.1.20"}]},{"events":[{"introduced":"5.2.0"},{"fixed":"5.2.31"}]},{"events":[{"introduced":"5.3.0"},{"fixed":"5.3.16"}]},{"events":[{"introduced":"5.4.0"},{"fixed":"5.4.8"}]},{"events":[{"introduced":"5.5.0"},{"fixed":"5.5.7"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-59689.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}