SmarterMail Version Enumeration: Threat Actors Building Target Lists Post-CVE-2025-52691
ID: a4e6e6fc-2289-51e0-a766-1f629beafb9b
STIX ID: report--a4e6e6fc-2289-51e0-a766-1f629beafb9b
Feed Name: GreyNoise Labs
A critical unauthenticated arbitrary file upload vulnerability (CVE-2025-52691, CVSS 10.0) affecting SmarterMail Build 9406 and earlier was disclosed; GreyNoise observed a coordinated reconnaissance campaign on January 12, 2026 performing 5,541 sessions against /api/v1/licensing/about to enumerate versions, originating from 14 DigitalOcean IPs and exhibiting consistent JA4H/JA4T fingerprints—this activity appears to be scanning/reconnaissance (no exploitation observed) and the report includes IoCs, timing, and mitigation advice to upgrade to Build 9407 or block/rate-limit the endpoint.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.