CVE-2025-52691

Warnung

Medienbericht

Exploit

EPSS 85.46%
Veröffentlicht 29.12.2025 02:15:58
Zuletzt bearbeitet 27.01.2026 15:28:07
Quelle 5f57b9bf-260d-4433-bf07-b6a79e
CVE-Watchlists
Login
Unerledigt
Login

Upload Arbitrary Files

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.

Betroffene Produkte Warnungen 1 Metriken 2 CWE 1 Referenzen 10

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

SmarterTools ≫ SmarterMail Version < 100.0.9413

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

26.01.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog

SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability

Schwachstelle

SmarterTools SmarterMail contains an unrestricted upload of file with dangerous type vulnerability that could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.

Beschreibung

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	85.46%	0.997

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
5f57b9bf-260d-4433-bf07-b6a79e9bb7d4	10	3.9	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.

VulnDex Intel

Media Report

10.04.2026 15:19

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.

VulnDex Intel

Media Report

06.04.2026 19:00

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.

VulnDex Intel

Media Report

17.03.2026 22:20

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.

VulnDex Intel

Media Report

03.02.2026 12:23

https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-124/

Third Party Advisory

https://github.com/watchtowrlabs/watchTowr-vs-SmarterMail-CVE-2025-52691?ref=labs.watchtowr.com

Third Party Advisory

Exploit

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-52691

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2025-52691

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-52691

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-52691

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-52691

26.01.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog