Share
## https://sploitus.com/exploit?id=3EA365BF-6F4E-5044-B7D0-01AC23257C84
# SmarterMail CVE-2025-52691 Scanner

**CVSS 10.0 RCE vulnerability in SmarterMail. Is your mail server vulnerable?**

Fast, accurate scanner for CVE-2025-52691 - a critical unauthenticated arbitrary file upload vulnerability that enables remote code execution on SmarterMail servers.

[![CVSS Score](https://img.shields.io/badge/CVSS-10.0%20CRITICAL-red)](https://nvd.nist.gov/vuln/detail/CVE-2025-52691)
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)

## About CVE-2025-52691

CVE-2025-52691 is a **maximum severity (10.0 CVSS)** vulnerability in SmarterMail that allows unauthenticated remote code execution through arbitrary file upload.

**Key Facts:**
- **Affected:** SmarterMail Build 9406 and earlier
- **Attack Vector:** Network (no authentication required)
- **Impact:** Complete server compromise (RCE)
- **Patched:** Build 9413+ (recommended: Build 9483)
- **Discovery:** Chua Meng Han, Centre for Strategic Infocomm Technologies (CSIT)

## Quick Start

### Node.js Scanner (Recommended - Cross-Platform)

```bash
# Clone and run
git clone https://github.com/nxgn-kd01/smartermail-cve-scanner.git
cd smartermail-cve-scanner
node scan.js https://mail.example.com
```

### Bash Scanner (Unix/Linux/macOS)

```bash
# Clone and run
git clone https://github.com/nxgn-kd01/smartermail-cve-scanner.git
cd smartermail-cve-scanner
chmod +x scan.sh
./scan.sh https://mail.example.com
```

### Direct Download

```bash
# Node.js version
curl -O https://raw.githubusercontent.com/nxgn-kd01/smartermail-cve-scanner/main/scan.js
node scan.js https://mail.example.com

# Bash version
curl -O https://raw.githubusercontent.com/nxgn-kd01/smartermail-cve-scanner/main/scan.sh
chmod +x scan.sh
./scan.sh https://mail.example.com
```

## Usage

### Scan a SmarterMail Server

```bash
# Using Node.js
node scan.js https://mail.example.com

# Using Bash
./scan.sh https://mail.example.com
```

### Scan with Verbose Output

```bash
node scan.js https://mail.example.com --verbose
./scan.sh https://mail.example.com -v
```

### JSON Output (for Automation)

```bash
node scan.js https://mail.example.com --json
./scan.sh https://mail.example.com --json
```

### CI/CD Mode (Exit Code 1 if Vulnerable)

```bash
node scan.js https://mail.example.com --ci
./scan.sh https://mail.example.com --ci
```

## Command Line Options

| Option | Description |
|--------|-------------|
| `-v`, `--verbose` | Show detailed output |
| `--json` | Output results as JSON |
| `--ci` | Exit with code 1 if vulnerable (for CI/CD) |
| `-t`, `--timeout` | Connection timeout (default: 10s/10000ms) |
| `-h`, `--help` | Show help message |

## Exit Codes

| Code | Meaning |
|------|---------|
| 0 | Not vulnerable or scan completed |
| 1 | Vulnerable (when using `--ci` flag) |
| 2 | Scan error occurred |

## Example Output

### Vulnerable Server

```
+============================================================+
|  CVE-2025-52691 Scanner (SmarterMail RCE)               |
+============================================================+

Severity: CRITICAL (CVSS 10.0)
Type: Unauthenticated Arbitrary File Upload -> RCE

[INFO] Scanning target: https://mail.example.com

Scan Results:
  Target: https://mail.example.com
  SmarterMail detected
  Version: 100.0.9350
  Build: 9350

  STATUS: VULNERABLE
  Build 9350 is affected by CVE-2025-52691

  Remediation:
  $ Upgrade to SmarterMail Build 9483 or later
  $ Download: https://www.smartertools.com/smartermail/downloads
```

### Patched Server

```
Scan Results:
  Target: https://mail.example.com
  SmarterMail detected
  Version: 100.0.9483
  Build: 9483

  STATUS: NOT VULNERABLE
  Build 9483 is patched
```

### JSON Output

```json
{
  "vulnerability": "CVE-2025-52691",
  "name": "SmarterMail RCE",
  "severity": "CRITICAL",
  "cvss": 10,
  "target": "https://mail.example.com",
  "smartermail_detected": true,
  "version": "100.0.9350",
  "build": 9350,
  "status": "vulnerable",
  "vulnerable": true,
  "vulnerable_max_build": 9406,
  "patched_min_build": 9413,
  "recommended_build": 9483
}
```

## CI/CD Integration

### GitHub Actions

```yaml
name: SmarterMail Security Scan

on:
  schedule:
    - cron: '0 6 * * *'  # Daily at 6 AM
  workflow_dispatch:

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - name: Download Scanner
        run: |
          curl -O https://raw.githubusercontent.com/nxgn-kd01/smartermail-cve-scanner/main/scan.js

      - name: Scan Mail Server
        run: node scan.js ${{ secrets.MAIL_SERVER_URL }} --ci
```

### GitLab CI

```yaml
security-scan:
  stage: test
  image: node:18
  script:
    - curl -O https://raw.githubusercontent.com/nxgn-kd01/smartermail-cve-scanner/main/scan.js
    - node scan.js $MAIL_SERVER_URL --ci
  allow_failure: false
```

## How It Works

The scanner:

1. **Probes common SmarterMail endpoints** to detect the application
2. **Extracts version/build information** from responses and headers
3. **Compares the build number** against known vulnerable versions
4. **Reports vulnerability status** with remediation guidance

### Detection Methods

- Checks web interface login pages
- Parses version strings from HTML content
- Examines HTTP headers for version information
- Supports self-signed SSL certificates

## Vulnerability Details

| Property | Value |
|----------|-------|
| **CVE ID** | CVE-2025-52691 |
| **CVSS Score** | 10.0 (CRITICAL) |
| **CVSS Vector** | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| **Attack Vector** | Network |
| **Authentication** | None required |
| **Impact** | Complete system compromise |

### Affected Versions

- SmarterMail Build 9406 and earlier

### Patched Versions

- Build 9413+ (minimum patch)
- Build 9483+ (recommended)

## Remediation

### Step 1: Verify Vulnerability

```bash
node scan.js https://your-mail-server.com
```

### Step 2: Update SmarterMail

Download the latest version from:
https://www.smartertools.com/smartermail/downloads

### Step 3: Verify Fix

```bash
node scan.js https://your-mail-server.com --ci
```

### Temporary Mitigations

If immediate upgrade is not possible:

1. Restrict network access to the SmarterMail web interface
2. Use a Web Application Firewall (WAF) to filter malicious uploads
3. Monitor logs for suspicious file upload activity
4. Consider taking the web interface offline temporarily

## References

- [CSA Singapore Alert](https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-124/)
- [The Hacker News Coverage](https://thehackernews.com/2025/12/csa-issues-alert-on-critical.html)
- [SmarterMail Release Notes](https://www.smartertools.com/smartermail/release-notes)
- [SmarterMail Downloads](https://www.smartertools.com/smartermail/downloads)

## Contributing

Contributions are welcome! Please feel free to submit issues or pull requests.

## License

MIT License - see [LICENSE](LICENSE) file for details

## Disclaimer

This tool is provided as-is for the community to help identify vulnerable SmarterMail installations. Always verify scanner results and test updates in a safe environment before deploying to production.

---

**Stay safe and keep your mail servers updated!**