CVE-2025-52691NVD

Vulnerability Summary

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.

Severity Level

CRITICAL(10.0)

Published Date

Dec 29, 2025

Last Modified

Jan 27, 2026

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-434: Unrestricted File Upload ↗

The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeChanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-124/
https://github.com/watchtowrlabs/watchTowr-vs-SmarterMail-CVE-2025-52691?ref=labs.watchtowr.com
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-52691

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2025-52691NVD

Vulnerability Summary

External References