
Description

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.

PUBLISHED Reserved 2025-06-19 | Published 2025-12-29 | Updated 2026-01-27 | Assigner CSA




CRITICAL: 10.0 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA Known Exploited Vulnerability

Date added 2026-01-26 | Due date 2026-02-16

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Product status

Default status: unknown

SmarterMail versions Build 9406 and earlier: affected

Credits

Chua Meng Han (finder)

References

github.com/...rterMail-CVE-2025-52691?ref=labs.watchtowr.com exploit

www.cisa.gov/...erabilities-catalog?field_cve=CVE-2025-52691 government-resource

www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-124/

cve.org (CVE-2025-52691)

nvd.nist.gov (CVE-2025-52691)
