Is CVE-2025-52691 actively exploited?

CVE-2025-52691 has no public evidence of in-the-wild exploitation as of 2026-01-27.

What is the CVSS score for CVE-2025-52691?

CVE-2025-52691 has a CVSS score of 10 (CRITICAL severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.

How do I patch CVE-2025-52691?

Patch guidance is available from smartertools security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2025-52691.

Which products are affected by CVE-2025-52691?

1 product: smartertools smartermail.

Fix CVE-2025-52691 - CRITICAL smartertools smartermail

Description

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: changed
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-434 · Unrestricted File Upload

Metadata

Primary Vendor: SMARTERTOOLS
Published: 12/29/2025
Last Modified: 1/27/2026
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

CVE-2025-52691

Description

CVSS Metrics

Metadata

Affected Products

Remediation Guidance

Executive Summary