CVE-2025-59689

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 20, 2026 2 articles

VulnLookup ↗ NVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

6.01%

probability

This CVE has a 6.01% probability of being exploited in the next 30 days.

0% Top 90.8th percentile of all CVEs 100%

CVSS score unavailable

Neither CIRCL nor NVD returned a CVSS score for this CVE. View on VulnerabilityLookup ↗

Attack Intelligence

CWE-707 · Improper Neutralization CWE-74 · Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-77 · Command Injection

CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems

TheHackerNews

State-Sponsored Hackers Exploiting Libraesva Email Security Gateway Vulnerability

TheHackerNews

Signal Intelligence

Confidenceⓘ

85%

EPSS 6.01%

Mentions 2

CNA Information

Analyst Note

CVE-2025-59689 is explicitly identified as exploited by state-sponsored threat actors in Libraesva Email Security Gateway. The 2025 publication year combined with active exploitation reports and vendor security update indicates zero-day exploitation. Strong signal from vendor disclosure of exploitation coinciding with patch availability.

Threat Actors 6

APT 29

apt_group Information theft and espionage 🇷🇺 RU

APT 22

apt_group Information theft and espionage 🇨🇳 CN

APT 6

apt_group Information theft and espionage 🇨🇳 CN

Red October

apt_group 🇷🇺 RU

Operation Red Signature

apt_group Information theft and espionage 🇨🇳 CN

APT 5

apt_group Information theft and espionage 🇨🇳 CN

Triage Info

Decided atMar 20, 2026