CVE-2025-52691 - SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability
Project:SmarterTools
Product:SmarterMail
Date Added:2026-01-26Due Date:2026-02-16
Vulnerability Name
SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability
Description
SmarterTools SmarterMail contains an unrestricted upload of file with dangerous type vulnerability that could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.
Known To Be Used in Ransomware Campaigns?
Known
Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://www.smartertools.com/smartermail/release-notes/current
https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-124/
https://nvd.nist.gov/vuln/detail/CVE-2025-52691
Related News Articles
China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa RansomwareApril 7, 2026
Microsoft links Medusa ransomware affiliate to zero-day attacksApril 7, 2026
Warlock Ransomware Breaches SmarterTools Through Unpatched SmarterMail ServerFebruary 10, 2026
Over 6,000 SmarterMail servers exposed to automated hijacking attacks January 27, 2026