好的,我现在需要帮用户总结这篇文章的内容,控制在100个字以内。首先,我得通读整篇文章,抓住主要信息。 文章主要讲的是新加坡网络安全局(CSA)警告了一个严重的漏洞,CVE-2025-52691,属于SmarterMail软件。这个漏洞的CVSS评分为10.0,是最高级别的严重性。攻击者可以利用这个漏洞上传任意文件到邮件服务器,进而执行远程代码。影响的版本是Build 9406及以下,CSA建议升级到Build 9413。漏洞是由Chua Meng Han披露的。 接下来,我需要把这些信息浓缩成一句话,不超过100字。要包括CSA警告、漏洞名称、影响版本、攻击方式和建议措施。 可能的结构是:CSA警告SmarterMail漏洞(CVE-...),允许未认证攻击者上传文件并执行代码,影响旧版本,建议升级。 这样就能在有限的字数内涵盖所有关键点。 </think> 新加坡网络安全局警告SmarterMail存在严重漏洞(CVE-2025-52691),允许未认证攻击者上传任意文件并执行远程代码,影响Build 9406及以下版本,建议升级至Build 9413以修复问题。 2025-12-31 14:23:11 Author: securityaffairs.com(查看原文) 阅读量:4 收藏
Singapore CSA warns of maximun severity SmarterMail RCE flaw
Pierluigi Paganini
December 31, 2025
Singapore’s CSA warns of CVE-2025-52691, a critical SmarterMail flaw enabling unauthenticated remote code execution via arbitrary file upload.
Singapore’s Cyber Security Agency of Singapore (CSA) warns of a maximum severity flaw, tracked as CVE-2025-52691 (CVSS score of 10.0), in SmarterMail. The vulnerability enables unauthenticated remote code execution via arbitrary file upload.
“Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.” reads CSA’s advisory.
SmarterMail is a commercial email server software developed by SmarterTools.
It’s used by businesses, hosting providers, and ISPs to run their own mail servers instead of relying on cloud services like Microsoft 365 or Google Workspace.
The vulnerability impacts SmarterMail versions Build 9406 and earlier, CSA recommends users and administrators of affected product versions to update to SmarterMail version Build 9413 immediately.
Mr Chua Meng Han from the Centre for Strategic Infocomm Technologies (CSIT) responsibly disclosed the vulnerability.
At this time, it is unclear if the flaw is being exploited in attacks in the wild.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, CSA)
如有侵权请联系:admin#unsafe.sh