Description Libraesva ESG is affected by a command injection flaw that can be triggered by a malicious e-mail containing a specially crafted compressed attachment, allowing potential execution of arbitrary commands as a non-privileged user. This occurs due to an improper sanitization during the removal of active code from files contained in some compressed … Continue reading Security advisory: command injection vulnerability (CVE-2025-59689)