AI description
CVE-2025-52691 is a vulnerability in SmarterMail versions Build 9406 and earlier. It allows an unauthenticated attacker to upload arbitrary files to any location on the mail server. This vulnerability can lead to remote code execution, potentially giving attackers complete control over compromised systems. Exploitation could result in unauthorized access to sensitive email communications, malware deployment, data exfiltration, and lateral movement within corporate networks.
- Description
- Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.
- Source
- 5f57b9bf-260d-4433-bf07-b6a79e9bb7d4
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 10
- Impact score
- 6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
26
🚨 Major #exploit just dropped! APT-level PoC for CVE-2025-52691. Features stealth, persistence & data exfiltration. This is serious. #cybersecurity #infosec https://t.co/VmnfdQD1VX
@TheExploitLab
31 Dec 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CSA alerte sur une faille critique (CVE-2025-52691) dans SmarterMail, permettant une exécution de code à distance. Score CVSS 10.0. #Cybersecurity #Vulnerability https://t.co/U3ss9188uQ @TheHackersNews
@cyberwatcher_
31 Dec 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
C'est la fête du mail 😭 ⚠ SmarterMail CVE-2025-52691 🡇Téléversement pré-auth de fichier /api/upload Detect https://t.co/L062in71SZ ⚠ Zimbra CVE-2025-68645 🡅Téléchargement pré-auth de fichier PoC http://cible/h/rest?javax.servlet.include.servlet_path=/WEB-INF
@mynameisv_
31 Dec 2025
92 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CSA issued alert on critical SmarterMail bug allowing remote code execution! CVE-2025-52691 with CVSS score 10.0. Unauthorized file upload can lead to code execution! #CyberSecurity #CriticalAlert 🛡️ Learn more: https://t.co/ptGpzedh8C
@TheCodeRabbit
31 Dec 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-52691: The Zero-Day Survival Guide for SmarterTools Users—Update Now or Lose Your Data Read the full report on - https://t.co/wtqULu9krn https://t.co/JkmOOb2wui
@Iambivash007
31 Dec 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
30/12/2025 ⚠️ CSA warns of critical flaw in SmarterMail (CVE-2025-52691) allowing remote code execution with a CVSS score of 10.0. Immediate patching is essential! Source: https://t.co/8Wu4Bq4fJc
@kernyx64
31 Dec 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-52691 (CVSS 10): Upload Arbitrary Files Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution. Search by vul.cve Filter 👉 https
@zoomeye_team
31 Dec 2025
1670 Impressions
4 Retweets
20 Likes
11 Bookmarks
0 Replies
0 Quotes
Security issue for SmarterMail CVE-2025-52691, vulnerability allows remote code execution
@TomCao341
31 Dec 2025
105 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 Critical SmarterMail Flaw Lets Unauthenticated Attackers Upload Files and Potentially Achieve RCE CVE-2025-52691 (CVSS 10.0) allows unauthenticated arbitrary file upload to any location on SmarterMail servers, which can be chained into remote code execution and full mail
@ThreatSynop
30 Dec 2025
85 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Singapur CSA'si SmarterMail'de kritik RCE açığı (CVE-2025-52691) uyarısı yayınladı. CVSS 10.0 skoruyla işaretlenen bu dosya yükleme zafiyeti, uzaktan kod yürütmeye izin veriyor. Acil güncelleme şart! #SiberGüvenlik #CVE #Teknoloji https://t.co/zMruXVPjMs
@osmanmuratgul
30 Dec 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical SmarterMail Bug Enables Unauthenticated RCE via Arbitrary File Upload CVE-2025-52691 (CVSS 10.0) affects SmarterMail Build 9406 and earlier, allowing unauthenticated attackers to upload arbitrary files anywhere on the mail server and potentially execute code—riski
@ThreatSynop
30 Dec 2025
102 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨 CVE-2025-52691 (CVSS 10): Critical SmarterMail Flaw Opens Servers to Unauthenticated Attacks POC : https://t.co/PQEZWCigcA #SmarterMail #CyberSecurity #CVE202552691 #Infosec #SingaporeCSA #RCE #EmailSecurity #SmarterTools https://t.co/KncNFcJreU
@You_sse_f1
30 Dec 2025
322 Impressions
0 Retweets
4 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 SmarterMail RCE Bug (CVE-2025-52691) Lets Unauthenticated Attackers Upload Files and Take Over Servers SmarterTools warns a critical flaw (CVSS 10.0) in SmarterMail build 9406 and earlier allows unauthenticated arbitrary file upload to any server path, enabling remote code
@ThreatSynop
30 Dec 2025
111 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SmarterMail Hit by Critical #CVE-2025-52691 Vulnerability, Urgent Patch Released https://t.co/Sk1Ua23dGO
@UndercodeNews
30 Dec 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical (CVSS 10) tagged CVE-2025-52691 affecting SmarterMail software I've created a script to detect vulnerable instances: https://t.co/vW99DpzinX Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any ht
@rxerium
30 Dec 2025
16053 Impressions
43 Retweets
237 Likes
95 Bookmarks
2 Replies
1 Quote
⚠️⚠️ CVE-2025-52691 (CVSS 10): Critical SmarterMail Flaw Opens Servers to Unauthenticated Attacks 🔗FOFA Link: https://t.co/2fvmBY4MJ3 🎯474k+ Results are found on the https://t.co/pb16tGYaKe nearly year. FOFA Query: app="SmarterMail" 🔖Refer: https://t.co/G8BZkA5rQ
@fofabot
30 Dec 2025
4582 Impressions
27 Retweets
74 Likes
34 Bookmarks
1 Reply
0 Quotes
🚨Alert🚨 CVE-2025-52691 (CVSS 10): Critical SmarterMail Flaw Opens Servers to Unauthenticated Attacks. 📊 158.3K+ Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/cgWrb3igR3 👇Query HUNTER : https://t.co/q9rtuGfZuz="SmarterMail" http
@HunterMapping
30 Dec 2025
3260 Impressions
7 Retweets
40 Likes
25 Bookmarks
1 Reply
0 Quotes
Warning: Critical vulnerability in #SmarterTools #SmarterMail, #CVE-2025-52691 CVSS: 10. It can allow an attacker to upload arbitrary files to the server, potentially enabling remote code execution #RCE! Update to version Build 9413 immediately: https://t.co/zlDDifdnag #Patch
@CCBalert
29 Dec 2025
160 Impressions
2 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-52691: CRITICAL] Unauthenticated attackers can exploit a vulnerability to upload files on a mail server, risking remote code execution. Protect your system against cyber threats.#cve,CVE-2025-52691,#cybersecurity https://t.co/7SPCg26mG6 https://t.co/ByHAHGDr5x
@CveFindCom
29 Dec 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 CVE-2025-52691 - Critical Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution. https://t.co/m97dG2kQJn https://t.co/aM6qruYMKW
@TheHackerWire
29 Dec 2025
97 Impressions
0 Retweets
1 Like
1 Bookmark
1 Reply
0 Quotes