watchtowrlabs/watchTowr-vs-SmarterMail-CVE-2025-52691
Detection artifact generator for the SmarterMail CVE-2025-52691 pre-auth RCE vulnerability; it proves exploitability by writing a marker file.
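# CVE-2025-52691 SmarterMail Pre-Auth RCE
SmarterMail Pre-Auth RCE 1day Detection Artifact Generator
# Detection in Action
The detection artifact generator attempts to write an .aspx file to the `C:\Program Files (x86)\SmarterTools\SmarterMail\Service\App_Data` directory (build 94xx) or the `C:\Program Files (x86)\SmarterTools\SmarterMail\MRS\App_Data` directory (build 16). This does not lead to Remote Code Execution; it only demonstrates exploitability.
The script has been tested against:
* Windows Server-based installations
* build 94xx and the older build 16.
Some older builds (such as SmarterMail 15) have not been tested.
Example run against a vulnerable instance: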
```
$ python3 .\watchTowr-vs-SmarterMail-CVE-2025-52691.py -H http://smartermail.lab:9998
__ ___ ___________
__ _ ______ _/ |__ ____ | |_\__ ____\____ _ ________
\ \/ \/ \__ \ ___/ ___\| | \| | / _ \ \/ \/ \_ __ \
\ / / __ \| | \ \___| Y | |( <_> \ / | | \/
\/\_/ (____ |__| \___ |___|__|__ | \__ / \/\_/ |__|
\/ \/ \/
watchTowr-vs-SmarterMail-CVE-2025-52691.py
(*) CVE-2025-52691 Detection Artifact Generator: SmarterMail Path Traversal Leading to Unauthenticated RCE
- Piotr (@chudyPB) and Sina Kheirkhah (@SinSinology) of watchTowr (@watchTowrcyber)
[+] VULNERABLE - file epoyn5_0.aspx got uploaded
```
Example run against a patched instance:
```
$ python3 .\watchTowr-vs-SmarterMail-CVE-2025-52691.py -H http://smartermail.lab:9998
__ ___ ___________
__ _ ______ _/ |__ ____ | |_\__ ____\____ _ ________
\ \/ \/ \__ \ ___/ ___\| | \| | / _ \ \/ \/ \_ __ \
\ / / __ \| | \ \___| Y | |( <_> \ / | | \/
\/\_/ (____ |__| \___ |___|__|__ | \__ / \/\_/ |__|
\/ \/ \/
watchTowr-vs-SmarterMail-CVE-2025-52691.py
(*) CVE-2025-52691 Detection Artifact Generator: SmarterMail Path Traversal Leading to Unauthenticated RCE
- Piotr (@chudyPB) and Sina Kheirkhah (@SinSinology) of watchTowr (@watchTowrcyber)
[-] NOT VULNERABLE - patch applied (INVALID_GUID error message appeared)
```
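A vulnerable run leaves the uploaded .aspx marker on the server, so the two `App_Data` directories named above are worth sweeping afterwards, both to clean up after testing and to review a host for uploads nobody on the team made. The following is an added example, not part of the watchTowr script; the function name `find_aspx_artifacts`, its `since` parameter, and the premise that a clean install keeps no .aspx files under `App_Data` are assumptions of this example.

```python
import hashlib
import os
from datetime import datetime, timezone

# Write targets named in this README for the artifact generator.
APP_DATA_DIRS = [
    r"C:\Program Files (x86)\SmarterTools\SmarterMail\Service\App_Data",  # build 94xx
    r"C:\Program Files (x86)\SmarterTools\SmarterMail\MRS\App_Data",      # build 16
]


def find_aspx_artifacts(roots=APP_DATA_DIRS, since=None):
    """List every .aspx file under the given roots (recursive, case-insensitive).

    since: optional POSIX timestamp; files last modified before it are skipped.
    Assumption: a clean install holds no .aspx files under App_Data.
    """
    hits = []
    for root in roots:
        if not os.path.isdir(root):
            continue  # this build layout is not present on the host
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if not name.lower().endswith(".aspx"):
                    continue
                path = os.path.join(dirpath, name)
                try:
                    st = os.stat(path)
                except OSError:
                    continue  # file disappeared between listing and stat
                if since is not None and st.st_mtime < since:
                    continue
                try:
                    with open(path, "rb") as fh:
                        digest = hashlib.sha256(fh.read()).hexdigest()
                except OSError:
                    digest = None  # still report a file that cannot be read
                modified = datetime.fromtimestamp(st.st_mtime, timezone.utc)
                hits.append({"path": path, "size": st.st_size,
                             "modified_utc": modified.isoformat(),
                             "sha256": digest})
    return sorted(hits, key=lambda h: h["path"])


if __name__ == "__main__":
    for hit in find_aspx_artifacts():
        print(hit["modified_utc"], hit["size"], hit["sha256"], hit["path"])
```

Run it on the mail server itself with an account that can read the SmarterMail install directory; pass `since` as the start of the test window to separate your own marker from older files.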
# Description
This script detects whether SmarterMail is affected by the CVE-2025-52691 Pre-Auth RCE vulnerability.
# Affected Versions
`< SmarterMail 9413`
`<= SmarterMail 16.3.6989.16341`
# Follow [watchTowr](https://watchTowr.com) Labs
For the latest security research, follow the [watchTowr](https://watchTowr.com) Labs team
- https://labs.watchtowr.com/
- https://x.com/watchtowrcyber