Share
## https://sploitus.com/exploit?id=3EA365BF-6F4E-5044-B7D0-01AC23257C84
# SmarterMail CVE-2025-52691 Scanner
**CVSS 10.0 RCE vulnerability in SmarterMail. Is your mail server vulnerable?**
Fast, accurate scanner for CVE-2025-52691 - a critical unauthenticated arbitrary file upload vulnerability that enables remote code execution on SmarterMail servers.
[](https://nvd.nist.gov/vuln/detail/CVE-2025-52691)
[](https://opensource.org/licenses/MIT)
## About CVE-2025-52691
CVE-2025-52691 is a **maximum severity (10.0 CVSS)** vulnerability in SmarterMail that allows unauthenticated remote code execution through arbitrary file upload.
**Key Facts:**
- **Affected:** SmarterMail Build 9406 and earlier
- **Attack Vector:** Network (no authentication required)
- **Impact:** Complete server compromise (RCE)
- **Patched:** Build 9413+ (recommended: Build 9483)
- **Discovery:** Chua Meng Han, Centre for Strategic Infocomm Technologies (CSIT)
## Quick Start
### Node.js Scanner (Recommended - Cross-Platform)
```bash
# Clone and run
git clone https://github.com/nxgn-kd01/smartermail-cve-scanner.git
cd smartermail-cve-scanner
node scan.js https://mail.example.com
```
### Bash Scanner (Unix/Linux/macOS)
```bash
# Clone and run
git clone https://github.com/nxgn-kd01/smartermail-cve-scanner.git
cd smartermail-cve-scanner
chmod +x scan.sh
./scan.sh https://mail.example.com
```
### Direct Download
```bash
# Node.js version
curl -O https://raw.githubusercontent.com/nxgn-kd01/smartermail-cve-scanner/main/scan.js
node scan.js https://mail.example.com
# Bash version
curl -O https://raw.githubusercontent.com/nxgn-kd01/smartermail-cve-scanner/main/scan.sh
chmod +x scan.sh
./scan.sh https://mail.example.com
```
## Usage
### Scan a SmarterMail Server
```bash
# Using Node.js
node scan.js https://mail.example.com
# Using Bash
./scan.sh https://mail.example.com
```
### Scan with Verbose Output
```bash
node scan.js https://mail.example.com --verbose
./scan.sh https://mail.example.com -v
```
### JSON Output (for Automation)
```bash
node scan.js https://mail.example.com --json
./scan.sh https://mail.example.com --json
```
### CI/CD Mode (Exit Code 1 if Vulnerable)
```bash
node scan.js https://mail.example.com --ci
./scan.sh https://mail.example.com --ci
```
## Command Line Options
| Option | Description |
|--------|-------------|
| `-v`, `--verbose` | Show detailed output |
| `--json` | Output results as JSON |
| `--ci` | Exit with code 1 if vulnerable (for CI/CD) |
| `-t`, `--timeout` | Connection timeout (default: 10s/10000ms) |
| `-h`, `--help` | Show help message |
## Exit Codes
| Code | Meaning |
|------|---------|
| 0 | Not vulnerable or scan completed |
| 1 | Vulnerable (when using `--ci` flag) |
| 2 | Scan error occurred |
## Example Output
### Vulnerable Server
```
+============================================================+
| CVE-2025-52691 Scanner (SmarterMail RCE) |
+============================================================+
Severity: CRITICAL (CVSS 10.0)
Type: Unauthenticated Arbitrary File Upload -> RCE
[INFO] Scanning target: https://mail.example.com
Scan Results:
Target: https://mail.example.com
SmarterMail detected
Version: 100.0.9350
Build: 9350
STATUS: VULNERABLE
Build 9350 is affected by CVE-2025-52691
Remediation:
$ Upgrade to SmarterMail Build 9483 or later
$ Download: https://www.smartertools.com/smartermail/downloads
```
### Patched Server
```
Scan Results:
Target: https://mail.example.com
SmarterMail detected
Version: 100.0.9483
Build: 9483
STATUS: NOT VULNERABLE
Build 9483 is patched
```
### JSON Output
```json
{
"vulnerability": "CVE-2025-52691",
"name": "SmarterMail RCE",
"severity": "CRITICAL",
"cvss": 10,
"target": "https://mail.example.com",
"smartermail_detected": true,
"version": "100.0.9350",
"build": 9350,
"status": "vulnerable",
"vulnerable": true,
"vulnerable_max_build": 9406,
"patched_min_build": 9413,
"recommended_build": 9483
}
```
## CI/CD Integration
### GitHub Actions
```yaml
name: SmarterMail Security Scan
on:
schedule:
- cron: '0 6 * * *' # Daily at 6 AM
workflow_dispatch:
jobs:
scan:
runs-on: ubuntu-latest
steps:
- name: Download Scanner
run: |
curl -O https://raw.githubusercontent.com/nxgn-kd01/smartermail-cve-scanner/main/scan.js
- name: Scan Mail Server
run: node scan.js ${{ secrets.MAIL_SERVER_URL }} --ci
```
### GitLab CI
```yaml
security-scan:
stage: test
image: node:18
script:
- curl -O https://raw.githubusercontent.com/nxgn-kd01/smartermail-cve-scanner/main/scan.js
- node scan.js $MAIL_SERVER_URL --ci
allow_failure: false
```
## How It Works
The scanner:
1. **Probes common SmarterMail endpoints** to detect the application
2. **Extracts version/build information** from responses and headers
3. **Compares the build number** against known vulnerable versions
4. **Reports vulnerability status** with remediation guidance
### Detection Methods
- Checks web interface login pages
- Parses version strings from HTML content
- Examines HTTP headers for version information
- Supports self-signed SSL certificates
## Vulnerability Details
| Property | Value |
|----------|-------|
| **CVE ID** | CVE-2025-52691 |
| **CVSS Score** | 10.0 (CRITICAL) |
| **CVSS Vector** | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| **Attack Vector** | Network |
| **Authentication** | None required |
| **Impact** | Complete system compromise |
### Affected Versions
- SmarterMail Build 9406 and earlier
### Patched Versions
- Build 9413+ (minimum patch)
- Build 9483+ (recommended)
## Remediation
### Step 1: Verify Vulnerability
```bash
node scan.js https://your-mail-server.com
```
### Step 2: Update SmarterMail
Download the latest version from:
https://www.smartertools.com/smartermail/downloads
### Step 3: Verify Fix
```bash
node scan.js https://your-mail-server.com --ci
```
### Temporary Mitigations
If immediate upgrade is not possible:
1. Restrict network access to the SmarterMail web interface
2. Use a Web Application Firewall (WAF) to filter malicious uploads
3. Monitor logs for suspicious file upload activity
4. Consider taking the web interface offline temporarily
## References
- [CSA Singapore Alert](https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-124/)
- [The Hacker News Coverage](https://thehackernews.com/2025/12/csa-issues-alert-on-critical.html)
- [SmarterMail Release Notes](https://www.smartertools.com/smartermail/release-notes)
- [SmarterMail Downloads](https://www.smartertools.com/smartermail/downloads)
## Contributing
Contributions are welcome! Please feel free to submit issues or pull requests.
## License
MIT License - see [LICENSE](LICENSE) file for details
## Disclaimer
This tool is provided as-is for the community to help identify vulnerable SmarterMail installations. Always verify scanner results and test updates in a safe environment before deploying to production.
---
**Stay safe and keep your mail servers updated!**