Email Infrastructure Supply Chain Compromise

Email gateway compromise at hosting providers enables lateral movement to customer websites, databases, and backend systems affecting thousands of organizations simultaneously.

1 intelligence brief← Intelligence Hub

SmarterTools SmarterMail CVE-2025-52691: Unauthenticated Arbitrary File Upload Enables Remote Code Execution on Email Gateways

SmarterTools SmarterMail CVE-2025-52691 (CVSS 10.0) allows unauthenticated attackers to upload arbitrary files to mail servers without authentication, enabling immediate remote code execution. Affects Build 9406 and earlier; patched in Build 9413 (Oct 9, 2025). Used by web hosting providers ASPnix, Hostek, simplehosting.ch managing thousands of customer domains.

Peter Chofield

Jan 4, 2026

11–16 minutes

Email Infrastructure Supply Chain Compromise

SmarterTools SmarterMail CVE-2025-52691: Unauthenticated Arbitrary File Upload Enables Remote Code Execution on Email Gateways