A flaw in a popular alternative to Microsoft Exchange is causing concern among cyber security experts and government agencies alike, with the very real possibility of it leading to remote code execution on vulnerable platforms.
The flaw is CVE-2025-52691, a pre-authentication remote code execution vulnerability in SmarterTools’ SmarterMail business email and collaboration solution, carrying an alarming perfect 10 CVSS score.
The vulnerability was revealed in a collaborative effort between SmarterTools and the Cyber Security Agency of Singapore on 29 December last year, with the agency warning all users to update their installations to Build 9413 of SmarterMail “immediately”.
If unpatched, an unauthenticated user may be able to upload arbitrary files to the mail server, with the potential to lead to remote code execution. According to chatter in SmarterTools’ community forum around 6 January, there is evidence of attempted exploitation of this bug, but so far, none has been successful.
“Those are DEFINITELY malicious,” one user said after some code samples were shared by another user.
“That second one shows the chaining attempts I’m talking about. If they can get execution of that script, it will download its actual attack code via PowerShell to fully pwn the server.”
While the vulnerability has now been addressed in an update, some mysteries remain regarding the timeline of the disclosure. It appears the vulnerability was addressed months before its final disclosure: Build 9413, the fixed version, was released in October 2025.
Benjamin Harris, founder and CEO of watchTowr, said the whole situation left some questions for SmarterTools to answer.
“Our analysis published on January 8 confirms that while a patch was made available in October 2025 (Build 9413), the vulnerability was not publicly disclosed until late December 2025,” Harris told Cyber Daily.
“This ‘silent patching’ strategy left systems exposed for nearly three months – a period during which threat actors could have reverse-engineered the update to exploit unaware targets.”
Harris noted that many admins of SmarterMail installations were only finding out about the vulnerability after the fact, and were worried about SmarterTools’ lack of clear communication.
“Relying on users to stumble upon security fixes without clear advisories undermines the trust required for effective defence,” Harris said.
“We urge all SmarterMail administrators to verify immediately that they are running Build 9413 or later. If your system was running an older version between October and December 2025, we recommend a thorough review of logs for suspicious file uploads or anomalous behaviour, as ‘security through obscurity’ is not a valid defence against modern threat actors.”
You can find more information on the vulnerability and how it can be exploited on watchTowr’s blog post.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.