Critical Vulnerability Alert in SmarterTools SmarterMail: Remote Code Execution without Authentication

Critical Vulnerability Warning in SmarterTools SmarterMail

The Cyber Security Agency of Singapore (CSA) has issued an alert regarding a major security flaw in the SmarterTools SmarterMail email software. This vulnerability, with a CVSS score of 10.0, could be exploited to achieve remote code execution (RCE) without the need for authentication.

Vulnerability Details (CVE-2025-52691)

The vulnerability, identified as CVE-2025-52691, is a case of arbitrary file upload. This means that an unauthenticated attacker could upload files of any type to any location on the mail server. If these malicious files (such as web shells or binaries) are interpreted and executed as code by the application environment, the attacker could gain control with the same privileges as the SmarterMail service. ...

December 30, 2025 · Comfidentia