MUST READ

ESA disclosed a data breach, hackers breached external servers

 | 

Singapore CSA warns of maximun severity SmarterMail RCE flaw

 | 

MongoBleed (CVE-2025-14847): the US, China, and the EU are among the top exploited GEOs

 | 

Coupang announces $1.17B compensation plan for 33.7M data breach victims

 | 

Mustang Panda deploys ToneShell via signed kernel-mode rootkit driver

 | 

Lithuanian suspect arrested over KMSAuto malware that infected 2.8M systems

 | 

U.S. CISA adds a flaw in MongoDB Server to its Known Exploited Vulnerabilities catalog

 | 

Romania’s Oltenia Energy Complex suffers major ransomware attack

 | 

Korean Air discloses data breach after the hack of its catering and duty-free supplier

 | 

MongoBleed flaw actively exploited in attacks in the wild

 | 

Evasive Panda cyberespionage campaign uses DNS poisoning to install MgBot backdoor

 | 

Condé Nast faces major data breach: 2.3M WIRED records leaked, 40M more at risk

 | 

Stolen LastPass backups enable crypto theft through 2025

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 77

 | 

Security Affairs newsletter Round 556 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

LangChain core vulnerability allows prompt injection and data exposure

 | 

NPM package with 56,000 downloads compromises WhatsApp accounts

 | 

Trust Wallet warns users to update Chrome extension after $7M security loss

 | 

Pro-Russian group Noname057 claims cyberattack on La Poste services

 | 

Aflac confirms June data breach affecting over 22 million customers

 | 

Singapore CSA warns of maximun severity SmarterMail RCE flaw

Pierluigi Paganini December 31, 2025

Singapore’s CSA warns of CVE-2025-52691, a critical SmarterMail flaw enabling unauthenticated remote code execution via arbitrary file upload.

Singapore’s Cyber Security Agency of Singapore (CSA) warns of a maximum severity flaw, tracked as CVE-2025-52691 (CVSS score of 10.0), in SmarterMail. The vulnerability enables unauthenticated remote code execution via arbitrary file upload.

“Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.” reads CSA’s advisory.

SmarterMail is a commercial email server software developed by SmarterTools.
It’s used by businesses, hosting providers, and ISPs to run their own mail servers instead of relying on cloud services like Microsoft 365 or Google Workspace.

The vulnerability impacts SmarterMail versions Build 9406 and earlier, CSA recommends users and administrators of affected product versions to update to SmarterMail version Build 9413 immediately.

Mr Chua Meng Han from the Centre for Strategic Infocomm Technologies (CSIT) responsibly disclosed the vulnerability.

At this time, it is unclear if the flaw is being exploited in attacks in the wild.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, CSA)

CVE-2025-52691 Hacking hacking news information security news IT Information Security Pierluigi Paganini Security Affairs Security News Singapore SmarterMail

you might also like

Pierluigi Paganini December 31, 2025
ESA disclosed a data breach, hackers breached external servers
Read more
Pierluigi Paganini December 31, 2025
MongoBleed (CVE-2025-14847): the US, China, and the EU are among the top exploited GEOs
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

ESA disclosed a data breach, hackers breached external servers

Security / December 31, 2025

Singapore CSA warns of maximun severity SmarterMail RCE flaw

Security / December 31, 2025

MongoBleed (CVE-2025-14847): the US, China, and the EU are among the top exploited GEOs

Hacking / December 31, 2025

Coupang announces $1.17B compensation plan for 33.7M data breach victims

Security / December 30, 2025

Mustang Panda deploys ToneShell via signed kernel-mode rootkit driver

Security / December 30, 2025