CVE-2025-52691

Critical KEV CVSS: 10.0

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.

Vendor

Smartertools

Product

Smartermail

CWE

CWE-434

Yayın Tarihi

2025-12-29 03:15:42

Güncelleme

2026-01-27 15:28:07

Source Identifier

5f57b9bf-260d-4433-bf07-b6a79e9bb7d4

KEV Date Added

2026-01-26

Kategoriler

CWE-434 Smartermail CRITICAL Smartertools 2025

Referanslar

https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-124/ https://github.com/watchtowrlabs/watchTowr-vs-SmarterMail-CVE-2025-52691?ref=labs.watchtowr.com https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-52691

Benzer Kayıtlar

Medium

CVE-2026-25067

SmarterTools SmarterMail versions prior to build 9518 contain an unauthenticated path coercion vulnerability in the bac…

Critical

CVE-2026-24423

SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in…

Critical

CVE-2026-23760

SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password res…

Medium

CVE-2020-36926

SmarterTrack 7922 contains an information disclosure vulnerability in the Chat Management search form that reveals agent…