Critical SmarterMail Arbitrary File Upload Vulnerability Disclosed
Summary
Hide ▲
Show ▼
The Cyber Security Agency of Singapore (CSA) has disclosed a critical vulnerability (CVE-2025-52691) in SmarterMail email software, allowing unauthenticated remote code execution via arbitrary file upload. The flaw affects versions up to Build 9406 and has been patched in Build 9413 and later. SmarterMail is used by various web hosting providers, and users are advised to update to the latest version (Build 9483) for protection.
Timeline
-
30.12.2025 18:28 1 articles · 23h ago
CSA Discloses Critical SmarterMail Vulnerability
The Cyber Security Agency of Singapore (CSA) issued an alert on December 30, 2025, regarding a critical vulnerability (CVE-2025-52691) in SmarterMail email software. The flaw allows unauthenticated remote code execution via arbitrary file upload. The vulnerability affects versions up to Build 9406 and has been patched in Build 9413 and later. Users are advised to update to the latest version (Build 9483) for protection.
Show sources
- CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution — thehackernews.com — 30.12.2025 18:28
Information Snippets
-
The vulnerability, CVE-2025-52691, has a CVSS score of 10.0.
First reported: 30.12.2025 18:281 source, 1 articleShow sources
- CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution — thehackernews.com — 30.12.2025 18:28
-
The flaw allows unauthenticated attackers to upload arbitrary files to the mail server, potentially enabling remote code execution.
First reported: 30.12.2025 18:281 source, 1 articleShow sources
- CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution — thehackernews.com — 30.12.2025 18:28
-
SmarterMail versions Build 9406 and earlier are affected.
First reported: 30.12.2025 18:281 source, 1 articleShow sources
- CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution — thehackernews.com — 30.12.2025 18:28
-
The vulnerability was patched in Build 9413, released on October 9, 2025.
First reported: 30.12.2025 18:281 source, 1 articleShow sources
- CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution — thehackernews.com — 30.12.2025 18:28
-
The latest version, Build 9483, was released on December 18, 2025.
First reported: 30.12.2025 18:281 source, 1 articleShow sources
- CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution — thehackernews.com — 30.12.2025 18:28
-
Chua Meng Han from the Centre for Strategic Infocomm Technologies (CSIT) discovered and reported the vulnerability.
First reported: 30.12.2025 18:281 source, 1 articleShow sources
- CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution — thehackernews.com — 30.12.2025 18:28