CVE-2025-52691

CRITICALCISA KEV

10.0

Description

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.

Details CVE

Score CVSS v3.110.0

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie12/29/2025

Derniere modification1/27/2026

Sourcekev

Observations honeypot0

CISA KEV

FournisseurSmarterTools

ProduitSmarterMail

Nom vulnerabiliteSmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability

Date ajout KEV2026-01-26

Date limite remediation2026-02-16

Utilise dans ransomwareUnknown

Produits affectes

smartertools:smartermail

Faiblesses (CWE)

CWE-434

References

https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-124/(5f57b9bf-260d-4433-bf07-b6a79e9bb7d4)

https://github.com/watchtowrlabs/watchTowr-vs-SmarterMail-CVE-2025-52691?ref=labs.watchtowr.com(134c704f-9b21-4f2e-91b3-4a467353bcc0)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-52691(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.