The Cyber Security Agency of Singapore (CSA) warns of a critical security vulnerability (CVE-2025-52691) in SmarterTools SmarterMail that could allow remote code execution through arbitrary file uploads. Users are urged to update to the latest version to mitigate potential exploitation risks. #SmarterMail #CVE202552691
Keypoints
- The vulnerability affects SmarterMail versions Build 9406 and earlier.
- It allows unauthenticated attackers to upload malicious files to the mail server.
- The flaw can lead to remote code execution by executing uploaded malicious scripts.
- The issue was fixed in Build 9413 released on October 9, 2025.
- Users are advised to update to Build 9483, released on December 18, 2025, for full protection.
Read More: https://thehackernews.com/2025/12/csa-issues-alert-on-critical.html