Share
## https://sploitus.com/exploit?id=B163BA34-4971-5434-B62E-3287562D10DA
# ๐Ÿšจ CVE-2025-52691 โ€” Critical SmarterMail Vulnerability



> **Status:** ๐Ÿ”ฅ *Critical โ€” Immediate action required*
> **CVSS v3.1 Score:** **10.0 / 10**
> **Disclosure Date:** December 29โ€“30, 2025

---

## ๐Ÿงฉ Vulnerability Summary

**CVE-2025-52691** is a **critical, unauthenticated arbitrary file upload vulnerability** affecting **SmarterTools SmarterMail Server**.
Exploitation can lead directly to **Remote Code Execution (RCE)** and **full server compromise**.

---

## ๐ŸŽฏ Key Technical Details

| Category                    | Details                                |
| --------------------------- | -------------------------------------- |
| **Product**                 | SmarterTools **SmarterMail**           |
| **Affected Versions**       | Builds **โ‰ค 9406**                      |
| **Fixed Version**           | **Build 9413** or later                |
| **Attack Vector**           | ๐ŸŒ Network                             |
| **Authentication Required** | โŒ None                                 |
| **User Interaction**        | โŒ None                                 |
| **CWE**                     | **CWE-434** โ€” Unrestricted File Upload |
| **Impact Scope**            | Changed                                |
| **Confidentiality**         | ๐Ÿ”ด High                                |
| **Integrity**               | ๐Ÿ”ด High                                |
| **Availability**            | ๐Ÿ”ด High                                |

**CVSS Vector:**

```
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
```

---

## ๐Ÿ’ฅ What an Attacker Can Do

An **unauthenticated remote attacker** can:

โœ… Upload arbitrary files to **any server location**
โœ… Place **malicious executables or web shells**
โœ… Execute **arbitrary code** on the mail server
โœ… Gain **full system control**
โœ… Abuse mail infrastructure for spam, phishing, or lateral movement

โš ๏ธ Because mail servers are usually **Internet-exposed**, the real-world risk is **extremely high**.

---

## ๐Ÿงจ Risk Assessment

| Factor             | Risk               |
| ------------------ | ------------------ |
| Exploit Complexity | ๐ŸŸข Low             |
| Privileges Needed  | ๐ŸŸข None            |
| Exposure           | ๐Ÿ”ด Internet-facing |
| Potential Damage   | ๐Ÿ”ด Full compromise |

**Overall Risk Level:** ๐Ÿšจ **CRITICAL**

---

## ๐Ÿ› ๏ธ Mitigation & Remediation (Urgent)

### โœ… Immediate Actions

1. **Upgrade SmarterMail to Build 9413 or later**
2. Restrict external access until patching is complete
3. Review server file systems for **unexpected uploads**
4. Check logs for suspicious POST/upload activity
5. Rotate credentials if compromise is suspected

---

## ๐Ÿ•ต๏ธ Exploitation Status

* ๐Ÿšซ No widely published public PoC (as of now)
* โš ๏ธ **High likelihood of active exploitation** due to:

  * CVSS 10.0
  * Unauthenticated access
  * Internet-facing service
  * Simple attack path

---

## ๐Ÿท Attribution

* **CVE Assigned By:** Cyber Security Agency (CSA), Singapore
* **Referenced By:**

  * NVD (NIST)
  * CSA Singapore
  * National CERT advisories (EU & APAC)

---

## Here are the **short steps** to run the Nuclei detection template for CVE-2025-52691:

1. **Save the template**

   Copy the YAML into a file: `cve-2025-52691.yaml`

3. **Install/Update Nuclei** (if needed)  
   ```bash
   go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
   ```

4. **Run on a single target**  
   ```bash
   nuclei -t cve-2025-52691.yaml -u https://your-smartermail-domain.com
   ```

5. **Run on multiple targets** (from a file called `targets.txt`)  
   ```bash
   nuclei -t cve-2025-52691.yaml -l targets.txt
   ```

6. **Optional useful flags**  
   - `-v` โ†’ see more details  
   - `-o results.txt` โ†’ save output  
   - `-silent` โ†’ show only matches

That's it! If it finds a vulnerable version (


**Reminder**: Only scan systems you own or have permission for. ๐Ÿ˜Š