- Libraesva patches CVE-2025-59689, a medium-severity remote code execution vulnerability
- Attack uses compressed email attachments; threat actor probably a hostile foreign state
- Versions below 5.0 are not supported and require manual upgrades to stay safe
Libraesva Email Security Gateway (ESG) has fixed a medium-severity vulnerability apparently abused by state-sponsored threat actors to obtain remote code execution (RCE) capabilities on targeted endpoints.
In a security advisory, Libraesva announced that it had addressed a command injection flaw which can be triggered by a malicious email with a specially crafted compressed attachment.
The flaw enabled the execution of arbitrary commands as a non-privileged user, due to improper sanitization when removing active code from files contained in certain compressed archive formats.
“Hostile” attack
The vulnerability is tracked as CVE-2025-59689 and received a severity score of 6.1/10 (medium).
All versions, from 4.5 onward, are reported to be vulnerable. Libraesva has published fixes for ESG 5.0, 5.1, 5.2, 5.3, 5.4 and 5.5, while versions below 5.0 are no longer supported and must be upgraded manually.
One attack has been documented so far, the advisory also reads, and the attackers are apparently “a foreign hostile entity”.
“The focus on a single application highlights the precision of the threat actor (supposed to be a foreign hostile state) and highlights the importance of a rapid and complete deployment of patches,” said the company.
Libraesva markets ESG as an advanced email security solution designed to protect organizations from threats such as phishing, spam, malware and business email compromise.
It filters incoming, outgoing and internal email traffic using defenses at both the gateway and API layers, offering protection for platforms such as Microsoft 365 and Google Workspace.
According to BleepingComputer, the company has “thousands” of customers among small and medium-sized organizations, as well as enterprises. In total, more than 200,000 users use Libraesva ESG, the platform being particularly popular among entities in education, finance and government.




