CVE-2025-52691
Arbitrary File Upload in Mail Server Enables Remote Code Execution
Publication date: 2025-12-29
Last updated on: 2025-12-29
Assigner: CSA
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| smartertools | smartermail | 9413 |
| smartertools | smartermail | 9406 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows an unauthenticated attacker to upload arbitrary files to any location on the mail server. This means the attacker can place malicious files on the server without needing to log in or have any privileges, potentially leading to remote code execution.
How can this vulnerability impact me?
The impact of this vulnerability is severe. An attacker could execute arbitrary code remotely on the mail server, leading to full compromise of the server, data theft, disruption of mail services, and potentially use of the server as a foothold to attack other systems.
What immediate steps should I take to mitigate this vulnerability?
Users and administrators should immediately update SmarterMail to Build 9413, which contains the security fix for this vulnerability. This update mitigates the risk of arbitrary file uploads and potential remote code execution. [1]