Share
## https://sploitus.com/exploit?id=B163BA34-4971-5434-B62E-3287562D10DA
# ๐จ CVE-2025-52691 โ Critical SmarterMail Vulnerability
> **Status:** ๐ฅ *Critical โ Immediate action required*
> **CVSS v3.1 Score:** **10.0 / 10**
> **Disclosure Date:** December 29โ30, 2025
---
## ๐งฉ Vulnerability Summary
**CVE-2025-52691** is a **critical, unauthenticated arbitrary file upload vulnerability** affecting **SmarterTools SmarterMail Server**.
Exploitation can lead directly to **Remote Code Execution (RCE)** and **full server compromise**.
---
## ๐ฏ Key Technical Details
| Category | Details |
| --------------------------- | -------------------------------------- |
| **Product** | SmarterTools **SmarterMail** |
| **Affected Versions** | Builds **โค 9406** |
| **Fixed Version** | **Build 9413** or later |
| **Attack Vector** | ๐ Network |
| **Authentication Required** | โ None |
| **User Interaction** | โ None |
| **CWE** | **CWE-434** โ Unrestricted File Upload |
| **Impact Scope** | Changed |
| **Confidentiality** | ๐ด High |
| **Integrity** | ๐ด High |
| **Availability** | ๐ด High |
**CVSS Vector:**
```
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
```
---
## ๐ฅ What an Attacker Can Do
An **unauthenticated remote attacker** can:
โ
Upload arbitrary files to **any server location**
โ
Place **malicious executables or web shells**
โ
Execute **arbitrary code** on the mail server
โ
Gain **full system control**
โ
Abuse mail infrastructure for spam, phishing, or lateral movement
โ ๏ธ Because mail servers are usually **Internet-exposed**, the real-world risk is **extremely high**.
---
## ๐งจ Risk Assessment
| Factor | Risk |
| ------------------ | ------------------ |
| Exploit Complexity | ๐ข Low |
| Privileges Needed | ๐ข None |
| Exposure | ๐ด Internet-facing |
| Potential Damage | ๐ด Full compromise |
**Overall Risk Level:** ๐จ **CRITICAL**
---
## ๐ ๏ธ Mitigation & Remediation (Urgent)
### โ
Immediate Actions
1. **Upgrade SmarterMail to Build 9413 or later**
2. Restrict external access until patching is complete
3. Review server file systems for **unexpected uploads**
4. Check logs for suspicious POST/upload activity
5. Rotate credentials if compromise is suspected
---
## ๐ต๏ธ Exploitation Status
* ๐ซ No widely published public PoC (as of now)
* โ ๏ธ **High likelihood of active exploitation** due to:
* CVSS 10.0
* Unauthenticated access
* Internet-facing service
* Simple attack path
---
## ๐ท Attribution
* **CVE Assigned By:** Cyber Security Agency (CSA), Singapore
* **Referenced By:**
* NVD (NIST)
* CSA Singapore
* National CERT advisories (EU & APAC)
---
## Here are the **short steps** to run the Nuclei detection template for CVE-2025-52691:
1. **Save the template**
Copy the YAML into a file: `cve-2025-52691.yaml`
3. **Install/Update Nuclei** (if needed)
```bash
go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
```
4. **Run on a single target**
```bash
nuclei -t cve-2025-52691.yaml -u https://your-smartermail-domain.com
```
5. **Run on multiple targets** (from a file called `targets.txt`)
```bash
nuclei -t cve-2025-52691.yaml -l targets.txt
```
6. **Optional useful flags**
- `-v` โ see more details
- `-o results.txt` โ save output
- `-silent` โ show only matches
That's it! If it finds a vulnerable version (
**Reminder**: Only scan systems you own or have permission for. ๐