CVE-2025-52691

CRITICALCISA KEV

10.0

Description

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.

CVE Details

CVSS v3.1 Score10.0

SeverityCRITICAL

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published12/29/2025

Last Modified1/27/2026

Sourcekev

Honeypot Sightings0

CISA KEV

VendorSmarterTools

ProductSmarterMail

Vulnerability NameSmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability

KEV Date Added2026-01-26

Remediation Due Date2026-02-16

Ransomware UseUnknown

Affected Products

smartertools:smartermail

Weaknesses (CWE)

CWE-434

References

https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-124/(5f57b9bf-260d-4433-bf07-b6a79e9bb7d4)

https://github.com/watchtowrlabs/watchTowr-vs-SmarterMail-CVE-2025-52691?ref=labs.watchtowr.com(134c704f-9b21-4f2e-91b3-4a467353bcc0)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-52691(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.