PT-2025-50135 · Mailenable · Mailenable

Mushroomsecteam · Published 2025-12-09 · Updated 2025-12-10 · CVE-2025-34396

CVSS v4.0: 8.5 High

Vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

MailEnable versions prior to 10.54

Description

MailEnable versions prior to 10.54 have an unsafe DLL loading issue that could allow a local attacker to execute arbitrary code. The MailEnable administrative executable attempts to load MEAINFY.DLL from its application directory without proper validation. If the DLL is missing or an attacker can write to locations in the search path, they can place a malicious MEAINFY.DLL. When the executable is run, it loads the attacker-controlled library and executes code with the process's privileges, potentially leading to local privilege escalation if the process is running with elevated rights.

Recommendations

Update MailEnable to version 10.54 or later.
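
A defender-side audit for the condition described above, as an added example that is not part of the advisory or of MailEnable's tooling: it reports whether MEAINFY.DLL is present and signed, and which non-administrative principals can write to the application directory or to machine PATH directories. The `-AppDir` parameter and the function name `Get-RiskyAce` are assumptions; the install path is not given on the page.

```powershell
# Added example (not MailEnable tooling). -AppDir is supplied by the operator;
# the advisory does not state the install path, so no default is assumed.
param(
    [Parameter(Mandatory)][string]$AppDir,
    [string]$DllName = 'MEAINFY.DLL'    # DLL name taken from the advisory
)

# Principals expected to hold write access: SYSTEM, Administrators,
# TrustedInstaller, and the CREATOR OWNER placeholder.
$trustedSids = @(
    'S-1-5-18', 'S-1-5-32-544', 'S-1-3-0',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
)

# Bits that allow planting or replacing a file, plus GENERIC_WRITE/GENERIC_ALL,
# which can appear unmapped in ACLs.
$rights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask = [int]$rights -bor 0x40000000 -bor 0x10000000

function Get-RiskyAce([string]$Path) {
    $sidType = [System.Security.Principal.SecurityIdentifier]
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $trustedSids -notcontains $_.IdentityReference.Value -and
            (([int]$_.FileSystemRights) -band $writeMask)
        } |
        ForEach-Object {
            [pscustomobject]@{ Path = $Path; Sid = $_.IdentityReference.Value; Rights = $_.FileSystemRights }
        }
}

$dll = Join-Path $AppDir $DllName
$targets = @($AppDir)
if (Test-Path -LiteralPath $dll) {
    $targets += $dll
    $sig = Get-AuthenticodeSignature -LiteralPath $dll
    "{0}: present, Authenticode status {1}" -f $dll, $sig.Status
} else {
    "{0}: missing; anyone able to write to a searched directory could supply it" -f $dll
}

# Machine-wide PATH entries are also part of the DLL search order.
$targets += @([Environment]::GetEnvironmentVariable('Path', 'Machine') -split ';' |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) })

$targets | ForEach-Object { Get-RiskyAce $_ } | Format-Table -AutoSize
```

Run it from an elevated prompt so every ACL is readable; an empty table means no unexpected writers were found on the checked paths.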

Fix · LPE · Uncontrolled Search Path Element

Weakness Enumeration

Related Identifiers: CVE-2025-34396

Affected Products: Mailenable