AI description
CVE-2025-52691 is a vulnerability in SmarterMail versions Build 9406 and earlier. It allows an unauthenticated attacker to upload arbitrary files to any location on the mail server. This vulnerability can lead to remote code execution, potentially giving attackers complete control over compromised systems. Exploitation could result in unauthorized access to sensitive email communications, malware deployment, data exfiltration, and lateral movement within corporate networks.
- Description: Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.
- Source: 5f57b9bf-260d-4433-bf07-b6a79e9bb7d4
- NVD status: Modified
- Products: smartermail
CVSS 3.1
- Type: Secondary
- Base score: 10
- Impact score: 6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity: CRITICAL
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-434
- Hype score: Not currently trending
🚨 CVE-2025-52691 PoC dropped! Authentication bypass in #SmarterMail. Python exploit script based on watchtowr's WT-2026-0001 analysis. #infosec #cybersecurity #exploit #CVE https://t.co/FbGrDezRcQ
@TheExploitLab
24 Jan 2026
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Warning: Many sources reported the active exploitation of #CVE-2025-52691 CVSS: 10. A remote unauthenticated attacker can upload arbitrary files to the server, potentially enabling remote code execution #RCE! Check our advisory here: https://t.co/zlDDifdnag . #Patch #Patch #Patch
@CCBalert
23 Jan 2026
207 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#threatreport #LowCompleteness SmarterMail Version Enumeration: Threat Actors Building Target Lists Post-CVE-2025-52691 | 13-01-2026 Source: https://t.co/IUD7R9umsD Key details below ↓ 🎯Victims: Smartermail users 🌐Geo: India, Indonesia, Spain 🔓CVEs: CVE-2025-52691 h
@rst_cloud
16 Jan 2026
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SmarterMail [—] Jan 15, 2026 Critical Security Advisory: Unauthenticated Remote Code Execution (RCE) Vulnerability (CVE-2025-52691) in SmarterMail Check out our Threat Intelligence Platform: https://t.co/QuwNtEgYh1 https://t.co/QuwNtEgYh1 #LLM https://t.co/gAAkiFmc7D
@transilienceai
15 Jan 2026
65 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SMEs: a critical SmarterMail flaw (CVE-2025-52691) affects thousands of servers and attackers could take control without a password. Check your mail setup, patch what you own, and stay sane about updates. Read more: https://t.co/eMDunNzQUn
@StrongKeepCyber
15 Jan 2026
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-52691 - SmarterTools SmarterMail vulnerability https://t.co/Q8mfZ6hU3B https://t.co/93Bv76dIkk
@SirajD_Official
14 Jan 2026
54 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
We are scanning & reporting out SmarterMail hosts vulnerable to CVE-2025-52691 RCE (CVSS 10). 8001 unique IPs likely vulnerable on 2026-01-12 (out of 18783 exposed). Note Exploit PoCs are public. Tree Map view: https://t.co/ErLTyjDFPH Raw IP data in https://t.co/qxv0Gv5ELc
@Shadowserver
13 Jan 2026
1877 Impressions
8 Retweets
22 Likes
3 Bookmarks
1 Reply
0 Quotes
🚨 SmarterMail [—] Jan 13, 2026 Comprehensive Security Advisory: Critical Vulnerability (CVE-2025-52691) Enabling Remote Code Execution in SmarterMail Check out our Threat Intelligence Platform: https://t.co/QuwNtEhw6z https://t.co/QuwNtEhw6z #LLM https://t.co/WW9fdrxzI8
@transilienceai
13 Jan 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution 🚨💥 CSA warns of a critical SmarterMail bug allowing remote code execution. Vulnerability: CVE-2025-52691. CVSS score: 10.0. Arbitrary file upload could lead to code execution without user input.
@HackonomicNews
12 Jan 2026
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📢 Update NOW! Singaporean government and cyber security firm warn of perfect 10
@PurpleOps_io
12 Jan 2026
72 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
After analyzing 60% of vulnerabilities from the past week, CVE-2025-52691 has 6 articles published from different internet sources; no other CVE has this many articles. More information here: https://t.co/SyyDujjO8C #vulnerability #CyberSecurity #ThreatIntel #CVE #SecurityAlert
@stooee_
10 Jan 2026
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 New Critical CVE: CVE-2025-52691 📊 Score:10.0 ‼️Remote Code Execution ⚡️Smartermail 📝 Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files... 🔗 Read Details: https://t.co/CqzeDRH07p #CVE #CyberSecur
@watchstackio
10 Jan 2026
5 Impressions
0 Retweets
3 Likes
3 Bookmarks
0 Replies
0 Quotes
🚨 CVSS 10 SmarterMail Pre-Auth RCE (CVE-2025-52691) — Public PoC Raises Exploitation Risk SmarterMail’s unauthenticated `/api/upload` endpoint can be abused via a path-traversal in the `guid` value inside `contextData`, enabling arbitrary file write to web-accessible paths
@ThreatSynop
9 Jan 2026
70 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-52691 SmarterMail Pre-Auth RCE Python Script Was Public https://t.co/UZxuCnM19p #CVE #RCE
@sirifu4k1
9 Jan 2026
2464 Impressions
9 Retweets
41 Likes
16 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-52691 - critical 🚨 SmarterMail - Unrestricted File Upload > Mail server contains an unrestricted file upload vulnerability allowing unauthenticat... 👾 https://t.co/O6gD8OzxQi @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
9 Jan 2026
15 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
SmarterTools SmarterMail affected by pre-auth RCE vulnerability CVE-2025-52691, now patched. Admins should update promptly to prevent unauthenticated code execution. #RCE https://t.co/6XG6JRB18T
@threatcluster
8 Jan 2026
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
And, we're back - analyzing CVE-2025-52691, a pre-auth RCE in SmarterTools SmarterMail mail server solution. Speak soon (:^)) and enjoy.. https://t.co/G0FNUC9tqK
@watchtowrcyber
8 Jan 2026
20095 Impressions
47 Retweets
156 Likes
62 Bookmarks
4 Replies
4 Quotes
🚨 SmarterMail [—] Jan 08, 2026 Comprehensive security advisory on the critical remote code execution vulnerability affecting SmarterMail (CVE-2025-52691). This report details the vulnerability, impacted versions, risk assessment, and comprehensive mitigation recommendations.
@transilienceai
8 Jan 2026
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-52691 - SmarterTools SmarterMail vulnerability https://t.co/7tjDbuE7nI https://t.co/UxsuE4KcC2
@CloudVirtues
7 Jan 2026
46 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-52691 - SmarterTools SmarterMail vulnerability https://t.co/OcBCxSiM8Y https://t.co/lkT9LD3VAD
@PhotoZel
7 Jan 2026
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SmarterTools SmarterMail [—] Jan 07, 2026 Comprehensive security advisory with analysis of CVE-2025-52691, impacted versions, exploitation risk, international advisories, technical assessment, and actionable mitigation strategies for SmarterTools SmarterMail. Check out our.
@transilienceai
7 Jan 2026
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SmarterTools SmarterMail [—] Jan 06, 2026 Urgent security advisory: Remote code execution threat due to an unauthenticated arbitrary file upload vulnerability (CVE-2025-52691) in SmarterMail. Patch immediately to prevent exploitation. Check out our Threat Intelligence... ht
@transilienceai
6 Jan 2026
101 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SmarterTools SmarterMail [—] Jan 04, 2026 Critical vulnerability analysis, impact assessment, and mitigation guidance for SmarterTools SmarterMail (CVE-2025-52691). Check out our Threat Intelligence Platform: https://t.co/QuwNtEgYh1... https://t.co/uyyQqm1FaV
@transilienceai
4 Jan 2026
166 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SmarterTools SmarterMail CVE-2025-52691: Unauthenticated Arbitrary File Upload Enables Remote Code Execution on Email Gateways https://t.co/HficFGALQG What happens when the email gateway protecting your organization’s critical communications fails to validate uploaded files an
@f1tym1
4 Jan 2026
150 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SmarterTools SmarterMail CVE-2025-52691: Unauthenticated Arbitrary File Upload Enables Remote Code Execution on Email Gateways - https://t.co/skRhk5vNjg
@Cyberwarzonecom
3 Jan 2026
124 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 New plugin: SmarterMailPlugin (CVE-2025-52691). SmarterMail versions prior to Build 9413 affected by critical remote code execution vulnerability via arbitrary file upload. Results: https://t.co/4HiImPXvsj https://t.co/oNGLfzcZ9F
@leak_ix
2 Jan 2026
833 Impressions
2 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-52691 (CVSS:10.0, CRITICAL) is Undergoing Analysis. Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any lo..https://t.co/RF1rxG6aFv #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
2 Jan 2026
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📣 We have added a new #vulnerability detection to our #ASM #AttackSurfaceManagement solution for #SmarterMail product: CVE-2025-52691: remote unauthenticated file upload & overwrite https://t.co/TtLXPj2Oyu https://t.co/7BYo66B42l
@onyphe
2 Jan 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SmarterMail [—] Jan 02, 2026 Comprehensive advisory on critical unauthenticated arbitrary file upload and remote code execution vulnerability (CVE-2025-52691) in SmarterTools SmarterMail. Check out our Threat Intelligence Platform: https://t.co/QuwNtEgYh1... https://t.co/Nh
@transilienceai
2 Jan 2026
96 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical patches released for IBM API Connect auth bypass and SmarterMail RCE (CVE-2025-52691). CISA mandates fixes for MongoBleed after Oracle EBS intrusions. ESA server breach confirmed; Disney settles $10M over child data. #DataPrivacy #USA https://t.co/5GwBNABG0i
@TweetThreatNews
1 Jan 2026
271 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical SmarterMail Vulnerability Alert 🚨 A newly disclosed flaw (CVE-2025-52691) allows unauthenticated remote code execution via arbitrary file upload.🔴 CVSS: 10.0 (Critical) 🔗 Full breakdown & mitigation: https://t.co/CESmSbLJHp #CyberSecurityAwareness #vul
@shetkar_pranay
31 Dec 2025
91 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Singapore CSA Warns of Maximum-Severity SmarterMail RCE Flaw (CVE-2025-52691) CSA issued an alert for CVE-2025-52691 (CVSS 10.0), where an unauthenticated attacker can upload arbitrary files to the mail server and potentially achieve remote code execution; affected SmarterMa
@ThreatSynop
31 Dec 2025
105 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CSA has warned of a maximum-severity SmarterMail vulnerability (CVE-2025-52691) that could enable unauthenticated remote code execution if left unpatched. No exploitation has been confirmed, but updates are strongly advised. How do you assess risk when a critical flaw is https:
@TechNadu
31 Dec 2025
107 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Singapore CSA warns of maximum severity SmarterMail RCE flaw: Singapore’s CSA warns of CVE-2025-52691, a critical SmarterMail flaw enabling unauthenticated remote code execution via arbitrary file upload. Singapore’s Cyber Security Agency of Singapore… https://t.co/frAmpntA
@shah_sheikh
31 Dec 2025
94 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Major #exploit just dropped! APT-level PoC for CVE-2025-52691. Features stealth, persistence & data exfiltration. This is serious. #cybersecurity #infosec https://t.co/VmnfdQD1VX
@TheExploitLab
31 Dec 2025
163 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
CSA warns of a critical flaw (CVE-2025-52691) in SmarterMail that allows remote code execution. CVSS score 10.0. #Cybersecurity #Vulnerability https://t.co/U3ss9188uQ @TheHackersNews
@cyberwatcher_
31 Dec 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Singapore CSA warns of CVE-2025-52691 in SmarterMail, allowing unauthenticated attackers to achieve remote code execution via arbitrary file uploads. https://t.co/eDmuTNKZgy #CyberSecurity #EmailSecurity #SmarterMail #RemoteCodeExecution #InfoSec #CSAAlert https://t.co/UbHHxhXd
@redsecuretech
31 Dec 2025
68 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
It's a mail party 😭 ⚠ SmarterMail CVE-2025-52691 🡇Pre-auth file upload /api/upload Detect https://t.co/L062in71SZ ⚠ Zimbra CVE-2025-68645 🡅Pre-auth file download PoC http://cible/h/rest?javax.servlet.include.servlet_path=/WEB-INF
@mynameisv_
31 Dec 2025
92 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CSA issued alert on critical SmarterMail bug allowing remote code execution! CVE-2025-52691 with CVSS score 10.0. Unauthorized file upload can lead to code execution! #CyberSecurity #CriticalAlert 🛡️ Learn more: https://t.co/ptGpzedh8C
@HackingRabbitS
31 Dec 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-52691: The Zero-Day Survival Guide for SmarterTools Users—Update Now or Lose Your Data Read the full report on - https://t.co/wtqULu9krn https://t.co/JkmOOb2wui
@Iambivash007
31 Dec 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
30/12/2025 ⚠️ CSA warns of critical flaw in SmarterMail (CVE-2025-52691) allowing remote code execution with a CVSS score of 10.0. Immediate patching is essential! Source: https://t.co/8Wu4Bq4fJc
@kernyx64
31 Dec 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-52691 (CVSS 10): Upload Arbitrary Files Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution. Search by vul.cve Filter 👉 https
@zoomeye_team
31 Dec 2025
3452 Impressions
9 Retweets
45 Likes
16 Bookmarks
1 Reply
0 Quotes
Security issue for SmarterMail CVE-2025-52691, vulnerability allows remote code execution
@TomCao341
31 Dec 2025
119 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 Critical SmarterMail Flaw Lets Unauthenticated Attackers Upload Files and Potentially Achieve RCE CVE-2025-52691 (CVSS 10.0) allows unauthenticated arbitrary file upload to any location on SmarterMail servers, which can be chained into remote code execution and full mail
@ThreatSynop
30 Dec 2025
93 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Singapore's CSA has issued a warning about a critical RCE vulnerability (CVE-2025-52691) in SmarterMail. This file upload vulnerability, rated CVSS 10.0, allows remote code execution. An urgent update is a must! #SiberGüvenlik #CVE #Teknoloji https://t.co/zMruXVPjMs
@osmanmuratgul
30 Dec 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical SmarterMail Bug Enables Unauthenticated RCE via Arbitrary File Upload CVE-2025-52691 (CVSS 10.0) affects SmarterMail Build 9406 and earlier, allowing unauthenticated attackers to upload arbitrary files anywhere on the mail server and potentially execute code—riski
@ThreatSynop
30 Dec 2025
112 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨 CVE-2025-52691 (CVSS 10): Critical SmarterMail Flaw Opens Servers to Unauthenticated Attacks POC : https://t.co/PQEZWCigcA #SmarterMail #CyberSecurity #CVE202552691 #Infosec #SingaporeCSA #RCE #EmailSecurity #SmarterTools https://t.co/KncNFcJreU
@You_sse_f1
30 Dec 2025
322 Impressions
0 Retweets
4 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 SmarterMail RCE Bug (CVE-2025-52691) Lets Unauthenticated Attackers Upload Files and Take Over Servers SmarterTools warns a critical flaw (CVSS 10.0) in SmarterMail build 9406 and earlier allows unauthenticated arbitrary file upload to any server path, enabling remote code
@ThreatSynop
30 Dec 2025
111 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SmarterMail Hit by Critical #CVE-2025-52691 Vulnerability, Urgent Patch Released https://t.co/Sk1Ua23dGO
@UndercodeNews
30 Dec 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical (CVSS 10) tagged CVE-2025-52691 affecting SmarterMail software I've created a script to detect vulnerable instances: https://t.co/vW99DpzinX Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any ht
@rxerium
30 Dec 2025
16053 Impressions
43 Retweets
237 Likes
95 Bookmarks
2 Replies
1 Quote
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:smartertools:smartermail:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A9F4301A-C277-47F6-841D-386EDD24EE67",
            "versionEndExcluding": "100.0.9413"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]