vulnerability

SmarterTools SmarterMail: CVE-2025-52691: Unrestricted Upload of File with Dangerous Type

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Dec 29, 2025

Added

Jan 28, 2026

Modified

Jan 28, 2026

Description

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.

Solution

smartertools-smartermail-upgrade-latest

References

CVE-2025-52691
https://attackerkb.com/topics/CVE-2025-52691
https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-124/
CWE-434

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report