PT-2025-50344 · Mailenable · Mailenable
Mushroomsecteam
·
Publicado
2025-12-10
·
Atualizado
2025-12-14
·
CVE-2025-34420
CVSS v4.0
8.5
Alta
| Vetor | AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
MailEnable versions prior to 10.54
Description
MailEnable versions prior to 10.54 have an unsafe DLL loading issue that could allow a local attacker to run arbitrary code. The MailEnable administrative executable loads
MEAIAM.DLL from the installation directory without proper checks. An attacker with write access to this directory can place a malicious MEAIAM.DLL file, which will then be executed with the privileges of the process.Recommendations
Update MailEnable to version 10.54 or later.
Correção
Uncontrolled Search Path Element
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Mailenable