CVE-2025-52691 · CRITICAL 10.0 · CISA KEV · EPSS p99.7%

CVE-2025-52691: SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability

SmarterTools / SmarterMail

Description

SmarterTools SmarterMail contains an unrestricted upload of file with dangerous type vulnerability that could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.

Scoring

CVSS 3.1: 10.0 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 85.46% probability of exploitation · percentile 99.7% · 2026-06-17T12:03:21Z
Published: 2025-12-29
Last modified: 2026-01-27

CISA KEV entry

Added to KEV: 2026-01-26

Underlying weaknesses · 1

CWE-434

References

  1. https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-124/
  2. https://github.com/watchtowrlabs/watchTowr-vs-SmarterMail-CVE-2025-52691?ref=labs.watchtowr.com
  3. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-52691

1

| Type | Target | Confidence | Tier |
| --- | --- | --- | --- |
| Weakness | Unrestricted Upload of File with Dangerous Type · cwe-434 | 0% | live |

(incoming) · 1

| Type | Target | Confidence | Tier |
| --- | --- | --- | --- |
| KEVEntry | SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability · kev-cve-2025-52691 | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability
  2. CVE: SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability
  3. CVE: CVE-2026-7807
  4. CVE: CVE-2025-54944
  5. CVE: CVE-2025-55061
  6. CVE: CVE-2025-32579

Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.