Threat Signal Report

SmarterTools SmarterMail RCE

What is the Vulnerability?	An actively targeted vulnerability has been identified in SmarterTools SmarterMail, tracked as CVE-2025-52691, with a CVSS score of 10.0 (Critical). The flaw allows unauthenticated attackers to upload arbitrary files to any location on the mail server, potentially resulting in remote code execution (RCE). SmarterTools SmarterMail is an email and collaboration server positioned as an alternative to Microsoft Exchange. CVE-2025-52691 has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog as of January 26, 2026, indicating confirmed exploitation in the wild. Successful exploitation could allow threat actors to gain full control of the affected mail server, deploy web shells, establish persistence, and pivot deeper into the environment. Public technical analysis and exploit research indicate active attacker interest and weaponization.
What is the recommended Mitigation?	• The vulnerability affects SmarterMail versions build 9406 and earlier. Immediately upgrade SmarterMail to the latest patched version provided by SmarterTools • Restrict external access to SmarterMail management interfaces where possible. • Monitor for indicators of compromise, including unexpected file uploads, new web-accessible files, and anomalous process execution. • Conduct a post-patch security review to identify potential prior exploitation.
What FortiGuard Coverage is available?	• FortiGuard Intrusion Prevention System (IPS) Service: FortiGuard IPS Service is available to detect and block exploit attempts targeting CVE-2025-52691. Intrusion Prevention \| FortiGuard Labs • FortiGuard Antivirus & Behavior Detection: Delivers protection against known malware and uses advanced behavioral analysis to detect and block unknown threats. • Indicators of Compromise (IOCs) Service: FortiGuard Labs has blocked all known linked IOCs, and the team is continuously monitoring for emerging threats and new IOCs. • FortiGuard Incident Response: Organizations suspecting a compromise can contact the FortiGuard Incident Response team for rapid investigation and remediation support.

Outbreak Alert

An actively targeted vulnerability has been identified in SmarterTools SmarterMail, tracked as CVE-2025-52691, with a CVSS score of 10.0 (Critical). The flaw allows unauthenticated attackers to upload arbitrary files to any location on the mail server, potentially resulting in remote code execution (RCE).

View the full Outbreak Alert Report