CVE-2025-52691
CISA KEV · Published January 26, 2026 · Updated April 3, 2026
What This Means
**CVE-2025-52691: SmarterMail Unrestricted File Upload**

SmarterTools SmarterMail allows unauthenticated attackers to upload arbitrary files to any location on the mail server due to missing file type validation. An attacker can exploit this to place webshells or executables on the server and achieve remote code execution.

**Actions for your SOC:**

1. Identify all SmarterMail instances in your environment and check for available patches from SmarterTools.
2. If patching cannot be immediate, restrict network access to SmarterMail upload endpoints and monitor upload directories for suspicious file creation (webshell extensions, executable types).
3. Review mail server logs and filesystem timestamps for evidence of exploitation: look for unexpected files in web-accessible directories or system paths created before the current date.
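
One way to carry out the upload-directory check in actions 2 and 3, as an added example that is not SmarterTools or CISA code. The extension list, the function names and the sample tree are assumptions; the SmarterMail web and upload directories to scan are not listed on this page and must be supplied by the operator.

```python
import os
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Assumed list: script types a web server may execute, plus native executables.
RISKY_EXT = {".aspx", ".ashx", ".asmx", ".asp", ".cshtml", ".php", ".jsp",
             ".exe", ".dll", ".bat", ".cmd", ".ps1"}

def scan(root, since):
    """Return (relative path, reason) for risky files modified at or after `since`."""
    root, hits = Path(root), []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        # mtime can be back-dated by an intruder, so treat the cutoff as triage only.
        if datetime.fromtimestamp(path.stat().st_mtime, timezone.utc) < since:
            continue
        reasons = []
        if path.suffix.lower() in RISKY_EXT:
            reasons.append("risky extension " + path.suffix.lower())
        try:
            with path.open("rb") as fh:
                if fh.read(2) == b"MZ":  # PE header, whatever the file is named
                    reasons.append("PE executable content")
        except OSError:
            reasons.append("unreadable")
        if reasons:
            hits.append((path.relative_to(root).as_posix(), "; ".join(reasons)))
    return hits

def demo():
    """Run scan() over a constructed tree; names, contents and cutoff are invented."""
    since = datetime(2026, 1, 1, tzinfo=timezone.utc)
    samples = {
        "attachments/report.pdf": (b"%PDF-1.7", 2026),
        "attachments/invoice.pdf.aspx": (b"placeholder", 2026),
        "attachments/notes.txt": (b"MZ\x90\x00", 2026),   # executable behind .txt
        "legacy.aspx": (b"placeholder", 2024),            # older than the cutoff
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, (data, year) in samples.items():
            p = Path(tmp, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(data)
            ts = datetime(year, 2, 1, tzinfo=timezone.utc).timestamp()
            os.utime(p, (ts, ts))
        return scan(tmp, since)
```

Call `scan()` with a timezone-aware cutoff, and compare hits against a known-good file listing, since a script-type file that shipped with the product is also reported when it was modified after the cutoff.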
Official Description
SmarterTools SmarterMail contains an unrestricted upload of file with dangerous type vulnerability that could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.
Affected Products
| Vendor | Product |
|---|---|
| SmarterTools | SmarterMail |
Patch Status
Recommended Actions
- Check if your systems use any of the affected products listed above.
- Apply vendor patches immediately if available.
- This vulnerability is in CISA's Known Exploited Vulnerabilities catalog — prioritize remediation.
- Monitor vendor advisories for updates and additional mitigations.
- Review logs for indicators of compromise related to CVE-2025-52691.