Vulnerability Description
Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.
CVSS Score
10.0
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Smartertools | Smartermail | < 100.0.9413 |
Related Weaknesses (CWE)
References
- https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-124/Third Party Advisory
- https://github.com/watchtowrlabs/watchTowr-vs-SmarterMail-CVE-2025-52691?ref=labExploitThird Party Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-US Government Resource
FAQ
What is CVE-2025-52691?
CVE-2025-52691 is a vulnerability with a CVSS score of 10.0 (CRITICAL). Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.
How severe is CVE-2025-52691?
CVE-2025-52691 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-52691?
Check the references section above for vendor advisories and patch information. Affected products include: Smartertools Smartermail.