Detection for CVE-2025-52691

SmarterMail Build 9406 and earlier is vulnerable to arbitrary file upload. An unauthenticated attacker can upload arbitrary files to any location on the mail server, potentially enabling remote code execution.

How does this detection method work?

Sends a GET request to /interface/root#/login, confirms SmarterMail is present via the ng-app="smartermail" directive, extracts the version and build number from the stProductVersion JavaScript variable, and flags instances as vulnerable if the build number is less than or equal to 9406 as per csa.gov.sg’s alert:

The vulnerability affects SmarterMail versions Build 9406 and earlier.

How do I run this script?

1. Download and install Nuclei.
2. Clone this repostory to your local system.
3. Run the following command:

1

nuclei -u <ip|fqdn> -t template.yaml

Or if you would like to scan a list of hosts, execute:

1

nuclei -l <list.txt> -t template.yaml

Example Output

References

• https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-124
• https://www.smartertools.com/smartermail
• https://github.com/projectdiscovery/nuclei

Disclaimer

Use at your own risk, I will not be responsible for illegal activities you conduct on infrastructure you do not own or have permission to scan.

License

This project is licensed under the MIT License.

Contact

If you have any questions about this vulnerability detection script please reach out to me via Signal. If you would like to connect, I am mostly active on Twitter/X and LinkedIn.