Email Gateway Critical Vulnerability & Patch Management

Maximum-severity file upload vulnerability in centralized email server highlights critical need for defense-in-depth architecture and rapid patch deployment for CVSS 10.0 critical vulnerabilities.

1 intelligence brief← Intelligence Hub

SmarterTools SmarterMail CVE-2025-52691: Unauthenticated Arbitrary File Upload Enables Remote Code Execution on Email Gateways

SmarterTools SmarterMail CVE-2025-52691 (CVSS 10.0) allows unauthenticated attackers to upload arbitrary files to mail servers without authentication, enabling immediate remote code execution. Affects Build 9406 and earlier; patched in Build 9413 (Oct 9, 2025). Used by web hosting providers ASPnix, Hostek, simplehosting.ch managing thousands of customer domains.

Peter Chofield

Jan 4, 2026

11–16 minutes

Email Gateway Critical Vulnerability & Patch Management

SmarterTools SmarterMail CVE-2025-52691: Unauthenticated Arbitrary File Upload Enables Remote Code Execution on Email Gateways