cve detail

CVE-2025-52691

naam

SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability

SmarterTools SmarterMail contains an unrestricted upload of file with dangerous type vulnerability that could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.

KEV

bekend misbruikt

EPSS

87%

percentiel

99%

vendor

SmarterTools

product

SmarterMail

toegevoegd aan KEV

26 jan 2026

due date

16 feb 2026

ransomware

Known

CWE

CWE-434

EPSS datum

12 mei 2026

aanbevolen actie

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

notities

https://www.smartertools.com/smartermail/release-notes/current ; https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-124/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-52691