Serious Flaw Detected in Popular Email Solution
Cybersecurity experts and government agencies are voicing serious concerns over a vulnerability found in SmarterTools’ SmarterMail, a well-known alternative to Microsoft Exchange. This flaw, identified as CVE-2025-52691, poses a significant risk due to its potential to allow remote code execution on affected systems, earning it a disturbing perfect score of 10 on the Common Vulnerability Scoring System (CVSS).
Discovery and Urgent Updates
The vulnerability was brought to light through a collaborative investigation between SmarterTools and the Cyber Security Agency of Singapore on December 29, 2025. In response to this discovery, officials have urged all users to upgrade their systems to Build 9413 of SmarterMail without delay. This patch is crucial; failing to implement it could leave servers open to exploitation by unauthorized users who may upload arbitrary files, eventually leading to remote code execution.
Signs of Exploitation Attempts
By January 6, 2026, discussions in SmarterTools’ community forums indicated heightened activity surrounding attempts to exploit this vulnerability. Users noted that while no successful breaches had been reported yet, there were clear indicators of malicious intent. One user remarked, “Those are DEFINITELY malicious,” referring to shared code samples and highlighting the potential for attackers to execute scripts that could initiate further compromise through PowerShell.
Timeline Raises Questions
While the fix for the vulnerability was rolled out with Build 9413 in October 2025, the timeline surrounding its disclosure remains a topic of debate. It seems the vulnerability was quietly addressed months before its public announcement. This silence has raised eyebrows among cybersecurity experts, leaving some unanswered questions for SmarterTools.
Benjamin Harris, CEO and founder of watchTowr, emphasized the troubling aspects of this “silent patching” approach. He explained that the delayed disclosure left systems vulnerable for almost three months, during which time cybercriminals could have analyzed the patch to exploit unknowing targets.
Communication Breakdown
Many administrators managing SmarterMail systems remained unaware of the vulnerability until after the fact, raising concerns over SmarterTools’ communication strategy. Harris pointed out that relying on users to discover security updates on their own severely undermines trust, which is foundational for effective cybersecurity defense.
“I urge all SmarterMail administrators to verify immediately that they are running Build 9413 or later,” Harris advised. He further recommended a thorough investigation of logs for any suspicious file uploads or unusual system behavior, noting that complacency—termed “security through obscurity”—is no longer a viable protection against modern threats.
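The two checks Harris recommends, confirming the build and looking through logs for suspicious uploads, can be scripted so they run across a whole fleet rather than one server at a time. The Python below is an added illustration, not code from the article, SmarterTools or watchTowr. The only fact it takes from the article is the minimum fixed build, 9413; the version-string shapes it parses, the web-server-style log format, the sample inventory and log lines, and the list of file extensions treated as suspicious are all constructed assumptions for the example, not SmarterMail's real formats.

```python
import posixpath
import re
from typing import Dict, List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# Minimum fixed build named in the article's coverage of CVE-2025-52691.
MIN_FIXED_BUILD = 9413

# Assumed version-string shapes ("Build 9413" or "100.0.9413.1"); the real
# SmarterMail banner format is not given on the page, so both are guesses.
_BUILD_RE = re.compile(r"\bbuild\s*(\d{4,5})\b", re.IGNORECASE)
_DOTTED_RE = re.compile(r"\b\d+\.\d+\.(\d{4,5})(?:\.\d+)?\b")


def extract_build(version: str) -> Optional[int]:
    """Return the build number found in a version string, or None."""
    for rx in (_BUILD_RE, _DOTTED_RE):
        m = rx.search(version)
        if m:
            return int(m.group(1))
    return None


def is_patched(version: str, minimum: int = MIN_FIXED_BUILD) -> bool:
    """True only when a build number was found and it is at or above the fix."""
    build = extract_build(version)
    return build is not None and build >= minimum


def triage_inventory(inventory: Dict[str, str]) -> List[Tuple[str, str]]:
    """Map host -> version string to a sorted list of (host, action) needing work.

    Hosts whose version cannot be parsed are reported too: an unknown build
    must be verified by hand, not silently assumed safe."""
    findings = []
    for host, version in sorted(inventory.items()):
        build = extract_build(version)
        if build is None:
            findings.append((host, "unparseable version; verify manually"))
        elif build < MIN_FIXED_BUILD:
            findings.append((host, f"build {build} < {MIN_FIXED_BUILD}; upgrade"))
    return findings


# Extensions that have no business arriving through a mail upload path.
# PowerShell (.ps1) is the one the article mentions; the rest are an assumed set.
SUSPICIOUS_EXT = {".ps1", ".aspx", ".asp", ".exe", ".dll", ".bat", ".cmd", ".vbs"}

# Constructed, generic access-log shape: "date time client method target status".
_LOG_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<ip>\S+) (?P<method>[A-Z]+) (?P<target>\S+) (?P<status>\d{3})$"
)


def _filename_candidates(target: str) -> List[str]:
    """Collect the last path segment and every query value as possible filenames."""
    parts = urlsplit(target)
    names = [posixpath.basename(parts.path)]
    for values in parse_qs(parts.query).values():
        names.extend(values)
    return [n for n in names if n]


def find_suspicious_uploads(lines: List[str]) -> List[Dict[str, object]]:
    """Flag POST/PUT requests whose target names a file with a suspicious extension."""
    hits = []
    for line in lines:
        m = _LOG_RE.match(line.strip())
        if not m or m["method"] not in ("POST", "PUT"):
            continue
        for name in _filename_candidates(m["target"]):
            ext = posixpath.splitext(name)[1].lower()
            if ext in SUSPICIOUS_EXT:
                hits.append({"ts": m["ts"], "ip": m["ip"], "target": m["target"],
                             "status": int(m["status"]), "reason": f"extension {ext}"})
                break
    return hits


# Constructed sample data for a stand-alone run.
SAMPLE_INVENTORY = {
    "mail-01": "SmarterMail Build 9413",
    "mail-02": "SmarterMail Build 9288",
    "mail-03": "100.0.9450.1",
    "mail-04": "unknown",
}
SAMPLE_LOG = [
    "2026-01-05 10:01:02 203.0.113.7 POST /upload?name=report.pdf 200",
    "2026-01-05 10:02:11 203.0.113.7 POST /upload?name=run.ps1 200",
    "2026-01-05 10:02:30 198.51.100.9 GET /inbox 200",
    "2026-01-05 10:03:44 203.0.113.7 PUT /files/shell.aspx 201",
]

if __name__ == "__main__":
    for host, action in triage_inventory(SAMPLE_INVENTORY):
        print(f"{host}: {action}")
    for hit in find_suspicious_uploads(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} {hit['target']} -> {hit['reason']}")
```

Two design points carry over to a real deployment: an unparseable version is reported rather than skipped, so a host with a broken banner does not drop out of the patch list, and a flagged upload is only a lead to investigate, since a 200 on a `.ps1` upload says nothing about whether the file was later executed.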
Finding More Information
For those interested in learning more about the specific vulnerabilities and how they can be exploited, additional resources are available on watchTowr’s blog. The ongoing dialogue within cybersecurity communities underscores the importance of proactive communication and rapid updates in addressing serious vulnerabilities.