SmarterTools has issued an urgent security fix for a critical vulnerability in SmarterMail that scores a perfect 10.0 on the severity scale. The flaw, CVE-2025-52691, lets unauthenticated attackers upload files anywhere on mail servers and execute remote code without needing login credentials.
The vulnerability affects SmarterMail Build 9406 and earlier versions, putting organizations at immediate risk of complete system compromise. Attackers could access sensitive emails, deploy malware, steal data, and move laterally through corporate networks.
Chua Meng Han from Singapore's CSIT discovered the flaw. SmarterTools has released Build 9413 as a fix. Organizations must update immediately to prevent potential attacks.
Source: Cyber Security News