Unrated severityCISA KEVNVD Advisory· Published Dec 29, 2025· Updated Feb 26, 2026
Upload Arbitrary Files
CVE-2025-52691
Description
Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: SmarterMail versions Build 9406 and earlier
Patches
Vulnerability mechanics
References
1News mentions
2- Attackers With Decompilers Strike Again (SmarterTools SmarterMail WT-2026-0001 Auth Bypass)watchTowr Labs · Jan 22, 2026
- Do Smart People Ever Say They’re Smart? (SmarterTools SmarterMail Pre-Auth RCE CVE-2025-52691)watchTowr Labs · Jan 8, 2026