December 30 Advisory: SmarterMail Unauthenticated Arbitrary File Upload Vulnerability Allows RCE [CVE-2025-52691]

Rapid Response

Vulnerability Description

CVE-2025-52691 is a critical unauthenticated arbitrary file upload vulnerability in SmarterTools’ SmarterMail software. The flaw allows unauthenticated attackers to upload arbitrary files to any location on the mail server, which can lead to remote code execution (RCE) and potentially result in full system compromise. The vulnerability has been assigned a CVSS v3.1 base score of 10.0.

Figure: Map of potentially vulnerable exposed hosts

See the full breakdown by country in Censys Platform → 

CVE-ID: CVE-2025-52691 (CVSS v3.1 base score of 10.0, assigned by CSA)
Vulnerability Description: A critical vulnerability in SmarterTools’ SmarterMail software allows unauthenticated attackers to upload arbitrary files to any location on the mail server, which can lead to remote code execution (RCE) and potentially result in full system compromise.
Date of Disclosure: December 28, 2025
Affected Assets: SmarterMail (SmarterTools)
Vulnerable Software Versions: Build 9406 and earlier
PoC Available?: As of writing, no public proof-of-concept exploit has been released.
Exploitation Status: No known exploitation at time of writing.
Patch Status: Patch is available. SmarterTools has released SmarterMail Build 9413 to address this issue.

Censys Perspective 

At the time of writing, Censys observes 16,109 exposed and potentially vulnerable hosts, trackable with the following Censys queries:

Platform 

(host.services.endpoints.http.body: {"ng-app=\"smartermail\"", "SmarterMail Copyright"} or host.services.endpoints.http.html_title="\r\n\tSmarterMail\r\n" or host.services.endpoints.http.favicons.hash_md5="1af343c2b059ae3da7b4a144d05db588")
or
(web.endpoints.http.body: {"ng-app=\"smartermail\"", "SmarterMail Copyright"} or web.endpoints.http.html_title="\r\n\tSmarterMail\r\n" or web.endpoints.http.favicons.hash_md5="1af343c2b059ae3da7b4a144d05db588")

ASM

risks.name="Vulnerable SmarterMail [CVE-2025-52691]"

Legacy Search 

services.http.response.body: {"SmarterMail Copyright", "ng-app=\"smartermail\""} or services.http.response.html_title="\r\n\tSmarterMail\r\n" or services.http.response.favicons.md5_hash="1af343c2b059ae3da7b4a144d05db588"
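The three queries above all reduce to the same three indicators (a body marker, an exact HTML title, a favicon MD5) combined with OR. The following is an added example, not Censys or SmarterTools code, that applies that same match logic to locally captured HTTP responses and then triages a host by build number against the advisory table. It assumes the indicators are exactly those in the queries, that the build number comes from your own inventory (the page does not say where SmarterMail exposes it, so that lookup is left to the caller), and the sample responses are constructed for illustration rather than real captures.

```python
"""Offline SmarterMail fingerprint and patch-status triage (added example)."""
import hashlib
import re
from dataclasses import dataclass
from typing import List, Optional

# Indicators taken from the Censys queries on this page.
BODY_MARKERS = ('ng-app="smartermail"', "SmarterMail Copyright")
HTML_TITLE = "\r\n\tSmarterMail\r\n"          # exact title, whitespace included
FAVICON_MD5 = "1af343c2b059ae3da7b4a144d05db588"

# Build numbers from the advisory table.
LAST_VULNERABLE_BUILD = 9406   # "Build 9406 and earlier"
FIXED_BUILD = 9413             # patch shipped as Build 9413


@dataclass
class HttpResponse:
    """Minimal view of a captured response; how you capture it is up to you."""
    body: str = ""
    favicon: Optional[bytes] = None   # raw bytes of /favicon.ico, if fetched


def html_title(body: str) -> Optional[str]:
    """Return the raw <title> contents with whitespace preserved, or None."""
    m = re.search(r"<title>(.*?)</title>", body, re.IGNORECASE | re.DOTALL)
    return m.group(1) if m else None


def favicon_md5(data: bytes) -> str:
    """MD5 hex digest as used by the favicons.hash_md5 / md5_hash fields."""
    return hashlib.md5(data).hexdigest()


def matched_indicators(resp: HttpResponse) -> List[str]:
    """List every query condition the response satisfies."""
    hits = []
    for marker in BODY_MARKERS:
        if marker in resp.body:
            hits.append(f"body contains {marker!r}")
    if html_title(resp.body) == HTML_TITLE:
        hits.append("html_title matches")
    if resp.favicon is not None and favicon_md5(resp.favicon) == FAVICON_MD5:
        hits.append("favicon md5 matches")
    return hits


def is_smartermail(resp: HttpResponse) -> bool:
    """Same OR logic as the Censys queries: any single indicator is a hit."""
    return bool(matched_indicators(resp))


def patch_status(build: Optional[int]) -> str:
    """Classify a SmarterMail build number against the advisory table."""
    if build is None:
        return "unknown build: treat as potentially vulnerable"
    if build >= FIXED_BUILD:
        return "patched"
    if build <= LAST_VULNERABLE_BUILD:
        return "vulnerable"
    return "unpatched (between last listed vulnerable and fixed build)"


# Constructed sample responses (not real captures).
SAMPLE_SMARTERMAIL = HttpResponse(
    body='<html><head><title>\r\n\tSmarterMail\r\n</title></head>'
         '<body ng-app="smartermail"></body></html>',
)
SAMPLE_OTHER = HttpResponse(
    body="<html><head><title>Welcome</title></head><body>hi</body></html>",
    favicon=b"\x00\x00\x01\x00not-a-smartermail-icon",   # constructed bytes
)


if __name__ == "__main__":
    # Hypothetical inventory: (label, response, build number from your CMDB)
    inventory = [
        ("mail-a", SAMPLE_SMARTERMAIL, 9406),
        ("mail-b", SAMPLE_SMARTERMAIL, 9413),
        ("web-c", SAMPLE_OTHER, None),
    ]
    for label, resp, build in inventory:
        if is_smartermail(resp):
            print(f"{label}: SmarterMail ({', '.join(matched_indicators(resp))}) -> {patch_status(build)}")
        else:
            print(f"{label}: not SmarterMail")
```

The title check is deliberately an exact comparison, including the leading CRLF and tab, because that is what the `html_title` clause in the queries matches; normalising whitespace would widen the match beyond what Censys counts. A build that is newer than 9406 but older than 9413 is reported separately rather than guessed either way, since the advisory only states the last vulnerable build and the fixed build.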
