CVE-2025-52691

Опубликовано: 29 дек. 2025

Источник: nvd

CVSS3: 10

EPSS Высокий

Описание

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.

Ссылки

https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-124/
Third Party Advisory
https://github.com/watchtowrlabs/watchTowr-vs-SmarterMail-CVE-2025-52691?ref=labs.watchtowr.com
Exploit
Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-52691
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:smartertools:smartermail:*:*:*:*:*:*:*:*

Версия до 100.0.9413 (исключая)

EPSS

Процентиль: 99%

0.79945

Высокий

10 Critical

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-c9vj-8fwr-4gvq