Upload Arbitrary Files_CVE-2025-52691

10 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Description

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.

AI Analysis

Unauthenticated arbitrary file upload vulnerability, potentially enabling remote code execution

Basic Information

ID CVE-2025-52691

Source CSA

Published Dec 29, 2025 at 02:15

Affected Product

Vendor SmarterTools

Product SmarterMail

Version SmarterMail versions Build 9406 and earlier

Affected Versions SmarterTools SmarterMail SmarterMail versions Build 9406 and earlier

AI Assessment

AI Score 10 / 10

AI Severity Critical

Vendor SmarterTools

Product SmarterMail

Version Build 9406 and earlier

References

www.csa.gov.sg /alerts-and-advisories/alerts/al-2025-124/

{
    "lastseen": "",
    "description": "Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.",
    "published": "2025-12-29T02:15:58.200Z",
    "modified": "2025-12-29T02:15:58.200Z",
    "type": "cve",
    "title": "Upload Arbitrary Files",
    "source": "CSA",
    "references": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-124/",
    "id": "CVE-2025-52691",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "SmarterTools SmarterMail SmarterMail versions Build 9406 and earlier",
    "sourceHref": "",
    "cvss": {
        "score": 10,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SmarterMail",
    "version": "SmarterMail versions Build 9406 and earlier",
    "vendor": "SmarterTools",
    "ai_description": "Unauthenticated arbitrary file upload vulnerability, potentially enabling remote code execution",
    "ai_severity": "Critical",
    "ai_vendor": "SmarterTools",
    "ai_product": "SmarterMail",
    "ai_version": "Build 9406 and earlier",
    "ai_score": 10
}