NVD disclosure day

Published threat advisories for September 19, 2025

CVE advisoryKnown Exploit

CVE-2025-59689

Libraesva ESG Attachment Vulnerability Allows Command Injection.

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A vulnerability in Libraesva Email Security Gateway allows command injection via compressed email attachments. This could permit unauthorized command execution, potentially leading to data access or service disruption. The risk warrants attention to protect affected organizations.

NVD published: • CISA KEV
CVE advisoryKnown Exploit

CVE-2025-48703

Control Web Panel Remote Code Execution Vulnerability.

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A vulnerability in Control Web Panel allows unauthenticated remote code execution. Attackers can exploit this with a known username, potentially leading to unauthorized system control and data compromise. This presents a significant business risk.

NVD published: • CISA KEV