VDB
CVE-2025-52691
CVE-2025-52691
PUBLISHED
KEV
CVSS 10 CRITICAL
Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.
EPSS 89.66% · 99.6th percentile
Risk Scores
CVSS 3.1
10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score
89.66%
99.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| smartertools | smartermail | 0, 0 |
| SmarterTools | SmarterMail | SmarterMail versions Build 9406 and earlier, SmarterMail versions Build 9406 and earlier |
Exploit Intelligence
- Udyz/CVE-2025-52691 (github-poc)
- Udyz/CVE-2025-52691 (github-poc)
- Udyz/CVE-2025-52691 (github-poc)
- Udyz/CVE-2025-52691 (github-poc)
- Udyz/CVE-2025-52691 (github-poc)
- Udyz/CVE-2025-52691 (github-poc)
- Udyz/CVE-2025-52691 (github-poc)
- CIRCL published-proof-of-concept: CVE-2025-52691 (circl-sighting)
- CIRCL published-proof-of-concept: CVE-2025-52691 (circl-sighting)
- CIRCL published-proof-of-concept: CVE-2025-52691 (circl-sighting)
…and 206 more exploits
Timeline
- Dec 29, 2025 EPSS Score
- Dec 29, 2025 CVE Published
- Dec 29, 2025 PoC Published
- Dec 29, 2025 PoC Published
- Dec 29, 2025 PoC Published
- Dec 29, 2025 PoC Published
- Dec 30, 2025 PoC Published
- Dec 30, 2025 PoC Published
- Dec 30, 2025 PoC Published
- Dec 30, 2025 PoC Published
- Dec 30, 2025 PoC Published
- Dec 30, 2025 PoC Published
References
- https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-124/ url
- https://github.com/watchtowrlabs/watchTowr-vs-SmarterMail-CVE-2025-52691?ref=labs.watchtowr.com exploit
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-52691 url
- https://nvd.nist.gov/vuln/detail/CVE-2025-52691 advisory
- https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-124 url