PT-2025-53686 · Smartertools · Smartermail

Chua Meng Han · Published 2025-12-29 · Updated 2026-04-11 · CVE-2025-52691

CVSS v3.1: 10 (Critical) · AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SmarterTools SmarterMail versions prior to Build 9413

Description: A critical vulnerability in SmarterTools SmarterMail allows unauthenticated attackers to upload arbitrary files to any location on the mail server, which can potentially lead to remote code execution (RCE). The flaw is tracked as CVE-2025-52691 and carries a CVSS score of 10.0; active exploitation has been confirmed. Multiple sources report that over 8,000 internet-exposed servers remain vulnerable. The /api/upload endpoint is the affected component, with the guid parameter inside contextData being the key point of exploitation. Attackers have been using decompilers to reverse-engineer the patch and derive working exploits from it, showing how quickly the fix was turned into attack tooling.

Recommendations: Upgrade SmarterTools SmarterMail to Build 9413 or later.
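As an added defender-side triage script (not part of this advisory and not SmarterTools' code), the example below gates on the build number named in the fix and flags POST /api/upload requests whose contextData.guid is missing or not a well-formed GUID. The version banner wording, the "METHOD PATH JSON-BODY" log layout and the JSON body shape are assumptions, and the log lines are constructed.

```python
import json
import re

# Per the advisory, builds before 9413 are affected by CVE-2025-52691.
PATCHED_BUILD = 9413

# Canonical GUID shape (8-4-4-4-12 hex groups, braces optional). A guid
# value that does not match this allow-list is outside what a legitimate
# client should ever send and is worth a closer look.
GUID_RE = re.compile(r"^\{?[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}?$")


def is_vulnerable_build(version_banner: str) -> bool:
    """True when the banner names a build below 9413.
    The banner wording ('SmarterMail Build NNNN') is an assumption."""
    match = re.search(r"Build\s+(\d+)", version_banner)
    if not match:
        raise ValueError(f"no build number found in {version_banner!r}")
    return int(match.group(1)) < PATCHED_BUILD


def suspicious_upload_requests(log_lines):
    """Return (line, reason) pairs for POST /api/upload requests whose
    contextData.guid is absent or malformed. The 'METHOD PATH JSON-BODY'
    line layout is a constructed assumption, not SmarterMail's real log."""
    findings = []
    for line in log_lines:
        parts = line.split(" ", 2)
        if len(parts) < 3:
            continue
        method, path, body = parts
        if method != "POST" or not path.startswith("/api/upload"):
            continue
        try:
            guid = json.loads(body).get("contextData", {}).get("guid", "")
        except (json.JSONDecodeError, AttributeError):
            findings.append((line, "unparseable request body"))
            continue
        if not isinstance(guid, str) or not GUID_RE.match(guid):
            findings.append((line, f"guid is not a well-formed GUID: {guid!r}"))
    return findings


# Constructed sample lines: a benign upload, one with a malformed guid,
# an unrelated GET, and an upload that carries no guid at all.
SAMPLE_LOG = [
    'POST /api/upload {"contextData": {"guid": "3f2504e0-4f89-11d3-9a0c-0305e82c3301"}}',
    'POST /api/upload {"contextData": {"guid": "not-a-guid/value"}}',
    'GET /api/settings {}',
    'POST /api/upload {"contextData": {}}',
]
```

Run `suspicious_upload_requests(SAMPLE_LOG)` to see the two flagged lines; pair it with `is_vulnerable_build` on the server's banner to decide whether an alert needs escalation.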

Exploit

Fix

RCE

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2025-52691

Affected Products

Smartermail