CVE-2025-52691

high-risk
Published 2025-12-29

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.

Do I need to act?

!
87.3% chance of exploitation in next 30 days
EPSS score — higher than 13% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
10
CVSS 10.0/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Smartertools

References (3)

Third Party Advisory https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-124/
Exploit https://github.com/watchtowrlabs/watchTowr-vs-SmarterMail-CVE-2025-52691?ref=lab...
US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-...
65
/ 100
high-risk
Severity 33/34 · Critical
Exploitability 27/34 · High
Exposure 5/34 · Minimal