vulnerability

SmarterTools SmarterMail: CVE-2025-52691: Unrestricted Upload of File with Dangerous Type

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	Dec 29, 2025	Jan 28, 2026	Jan 28, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Dec 29, 2025

Added

Jan 28, 2026

Modified

Jan 28, 2026

Description

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.

Solution

smartertools-smartermail-upgrade-latest

References

CVE-2025-52691
https://attackerkb.com/topics/CVE-2025-52691
URL-https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-124/
CWE-434

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today