Warning: Critical unauthenticated arbitrary file upload vulnerability in SmarterMail server, Patch Immediately!

  • Published: 29/12/2025
  • Last update: 29/12/2025
  • Affected software: SmarterTools SmarterMail software < build 9413
  • Type: Arbitrary file upload
  • CVE/CVSS
    → CVE-2025-52691: CVSS 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Sources

SmarterMail Release Notes - https://www.smartertools.com/smartermail/release-notes/current

Risks

CVE-2025-52691 in SmarterMail server allows an unauthenticated attacker to upload files to arbitrary locations on the mail server, which can be used to place malicious content outside of expected directories and facilitate remote code execution.

Because mail servers are directly exposed to the internet to receive and serve mail traffic, this flaw significantly increases the likelihood of exploitation. Successful attacks can lead to full compromise of the mail service and underlying host, undermining confidentiality, integrity and availability of email data and potentially enabling abuse of the server for spam, phishing campaigns or further lateral movement within the network.

Affected instances that are internet-reachable and not patched or mitigated are at critical risk with a high impact on confidentiality, integrity, and availability.

Description

CVE-2025-52691 is a critical arbitrary file upload vulnerability affecting SmarterTools SmarterMail server (Build 9406 and earlier). A remote, unauthenticated attacker can exploit this flaw to upload arbitrary files to any location on the mail server without valid credentials or user interaction.

Successful exploitation of this vulnerability may enable remote code execution (RCE) on the affected host. Because the vulnerability permits uploading files outside of intended upload directories, attackers could place malicious binaries or web shells that execute with the privileges of the SmarterMail service.

This significantly undermines the security boundary of the server and can lead to full system compromise if the uploaded content is executed. There is no evidence of a public proof-of-concept exploit at this time.

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.

Monitor/Detect
The CCB recommends that organisations scale up their monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.

References

NVD - https://nvd.nist.gov/vuln/detail/CVE-2025-52691
SingCERT - https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-124/