CVE-2025-52691: SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability

CVE ID

CVE-2025-52691

Vulnerability Name

SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability

• Project: SmarterTools
• Product: SmarterMail

Date

• Date Added: 2026-01-26
• Due Date: 2026-02-16

Description

SmarterTools SmarterMail contains an unrestricted upload of file with dangerous type vulnerability that could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://www.smartertools.com/smartermail/release-notes/current ; https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-124/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-52691

Related Security News

• Over 6,000 SmarterMail servers exposed to automated hijacking attacks

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List