CVE-2025-52691
Published: 29 December 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-52691 is a critical vulnerability (CVSS 10.0, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) affecting SmarterMail, a mail server product. It stems from CWE-434 (Unrestricted Upload of File with Dangerous Type): successful exploitation allows an unauthenticated attacker to upload arbitrary files to any location on the server, potentially leading to remote code execution. The vulnerability was published on 2025-12-29.
An unauthenticated attacker with network access can exploit this vulnerability with low complexity and no user interaction required. By uploading malicious files to arbitrary server locations, the attacker can achieve high confidentiality, integrity, and availability impacts, up to full remote code execution; the changed scope (S:C) in the vector indicates that the impact can extend beyond the vulnerable component itself.
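The weakness class behind this CVE, CWE-434 combined with writing to attacker-chosen locations, is mitigated by validating the client-supplied filename before anything touches disk. The following is an added illustration of that control and is not SmarterMail's code; the upload root `uploads_demo`, the extension allowlist and the function names are assumptions made for the example.

```python
"""Defensive handling of client-supplied upload filenames (CWE-434 / path escape).

Added illustration, not SmarterMail code. The upload root, the extension
allowlist and the function names are assumptions made for this example.
"""
import os
import pathlib

# Constructed allowlist: only non-executable document/image types are accepted.
ALLOWED_EXTENSIONS = {".txt", ".pdf", ".png", ".jpg", ".jpeg"}


class UploadRejected(ValueError):
    """Raised when a client-supplied filename fails validation."""


def safe_upload_path(upload_root: str, client_filename: str) -> pathlib.Path:
    """Map a client-supplied filename to a path strictly inside upload_root.

    Controls applied, in order:
      1. keep only the final path component (drops '../' and drive prefixes)
      2. reject empty, dot-only and NUL-containing names
      3. allowlist the extension, so server-side script types never land on disk
      4. resolve the final path and verify it is still directly under upload_root
    """
    root = pathlib.Path(upload_root).resolve()
    # Normalise Windows separators before taking the basename, so that
    # '..\\..\\web\\x.txt' reduces to 'x.txt' on POSIX hosts as well.
    name = os.path.basename(client_filename.replace("\\", "/"))
    if name in ("", ".", ".."):
        raise UploadRejected("empty or dot-only filename")
    if "\x00" in name:
        raise UploadRejected("NUL byte in filename")
    suffix = pathlib.Path(name).suffix.lower()
    if suffix not in ALLOWED_EXTENSIONS:
        raise UploadRejected(f"extension {suffix!r} not allowed")
    candidate = (root / name).resolve()
    # Defence in depth: if 'name' already exists as a symlink pointing elsewhere,
    # resolve() follows it and the parent check below rejects the result.
    if candidate.parent != root:
        raise UploadRejected("resolved path escapes upload root")
    return candidate


def upload_decision(upload_root: str, client_filename: str) -> str:
    """Convenience wrapper returning 'accepted:<path>' or 'rejected:<reason>'."""
    try:
        return f"accepted:{safe_upload_path(upload_root, client_filename)}"
    except UploadRejected as exc:
        return f"rejected:{exc}"


def store_upload(upload_root: str, client_filename: str, data: bytes) -> pathlib.Path:
    """Validate the name, then write without following symlinks or overwriting."""
    target = safe_upload_path(upload_root, client_filename)
    target.parent.mkdir(parents=True, exist_ok=True)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL  # O_EXCL: never clobber an existing file
    if hasattr(os, "O_NOFOLLOW"):  # not available on every platform
        flags |= os.O_NOFOLLOW
    fd = os.open(target, flags, 0o600)  # owner-only, no execute bit
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return target


if __name__ == "__main__":
    # Constructed sample filenames of the kinds an upload endpoint might receive.
    for sample in ["report.pdf", "..\\..\\x.txt", "shell.aspx", "..", "a.txt\x00.aspx"]:
        print(repr(sample), "->", upload_decision("uploads_demo", sample))
```

The design point is that the server, not the client, decides where the file goes: the client name contributes at most a basename, the extension is allowlisted rather than denylisted, and the final resolved path is re-checked against the upload root before the write is attempted with exclusive creation.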
Advisories from the Cyber Security Agency of Singapore (CSA) at https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-124/, the watchTowr Labs GitHub analysis at https://github.com/watchtowrlabs/watchTowr-vs-SmarterMail-CVE-2025-52691?ref=labs.watchtowr.com, and CISA's Known Exploited Vulnerabilities Catalog at https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-52691 provide further details on exploitation and mitigation recommendations.
This vulnerability is listed in CISA's Known Exploited Vulnerabilities Catalog, indicating active real-world exploitation.
Details
- CWE(s): CWE-434 (Unrestricted Upload of File with Dangerous Type)
- KEV Date Added: 26 January 2026
Affected Products
MITRE ATT&CK Enterprise Techniques
- T1190: Exploit Public-Facing Application
Why these techniques?
Unauthenticated arbitrary file upload to any location on a public-facing SmarterMail server enables remote code execution, which maps directly to T1190: Exploit Public-Facing Application.