Skip to main content
A Singapore Government Agency Website How to identify
Official website links end with .gov.sg
Government agencies communicate via .gov.sg websites (e.g. go.gov.sg/open). Trusted websites
Secure websites use HTTPS
Look for a lock () or https:// as an added precaution. Share sensitive information only on official, secure websites.

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
Alerts

Vulnerability in SmarterTools Software

29 December 2025

SmarterTools has released security updates to address a vulnerability in their SmarterMail software. Users and administrators of affected product versions are advised to update to SmarterMail version Build 9413 immediately.

Background

SmarterTools has released security updates to address a vulnerability (CVE-2025-52691) in their SmarterMail software. The vulnerability has a Common Vulnerability Scoring System (CVSS3.1) score of 10 out of 10.

Impact

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.

Affected Products

The vulnerability affects SmarterMail versions Build 9406 and earlier.

Mitigation

Users and administrators of affected product versions are advised to update to SmarterMail version Build 9413 immediately.

Credits

CSA would like to express appreciation to Mr Chua Meng Han from the Centre for Strategic Infocomm Technologies (CSIT) for discovering the vulnerability.

Additionally, CSA would like to thank SmarterTools Inc. for their collaboration on the coordinated disclosure of the vulnerability.


Back to top