CVE-2025-52691
Description
CVE-2025-52691 is a critical file upload vulnerability in SmarterTools SmarterMail (CVSS 10.0) allowing unauthenticated remote code execution.
CPE
| Product | Version Start | Version End (excl.) | Status |
|---|---|---|---|
| smartermail | * | 100.0.9413 | vulnerable |
Related weakness (CWE)
Remediation plan
Apply official patches
Download and install the latest security updates provided by SmarterTools specifically addressing the arbitrary file upload vulnerability in SmarterMail.
Update affected systems
Ensure all SmarterMail instances are updated to version 100.0.9413 or later, as all versions prior to this build are confirmed to be vulnerable.
Restrict access
Implement strict IP whitelisting for administrative interfaces and ensure the web server service account has minimal write permissions to non-essential directories.
Monitor for exploitation
Audit the file system for unexpected .aspx, .exe, or script files in the SmarterMail installation directory and monitor for unauthorized web shell activity.
Detection Guidance
Security teams should inspect web server access logs for unusual POST requests directed at file upload endpoints, particularly those originating from unknown IP addresses. Monitor for the creation of new, unauthorized files within the SmarterMail web root or temporary directories. Additionally, use EDR tools to detect suspicious child processes spawned by the SmarterMail web service (e.g., cmd.exe or powershell.exe) and alert on any unauthorized modifications to system configuration files.