PT-2025-50340 · Mailenable · Mailenable
Mushroomsecteam · Published 2025-12-10 · Updated 2025-12-14 · CVE-2025-34416
CVSS v4.0: 8.5 (High)
Vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
MailEnable versions prior to 10.54
Description
MailEnable versions prior to 10.54 load a Dynamic Link Library (DLL) unsafely, which can allow a local attacker to execute arbitrary code. The MailEnable administrative executable loads MEAIPO.DLL from the installation directory without proper validation. An attacker with write access to this directory can place a malicious MEAIPO.DLL file, which is then executed when the administrative executable starts, granting the attacker the privileges of the process.
Recommendations
Update MailEnable to version 10.54 or later.
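The condition the description depends on, write access to the installation directory by a non-administrative principal, can be audited directly. The PowerShell below is an added example, not code from the advisory or from MailEnable; `$InstallDir` is an assumption supplied by the operator (the advisory does not state the path), and the trusted-SID list is a baseline to adjust per environment.

```powershell
param(
    [Parameter(Mandatory = $true)][string]$InstallDir   # assumption: path supplied by the operator
)

# SIDs expected to hold write access: SYSTEM, Administrators, TrustedInstaller.
$trusted = @(
    'S-1-5-18',
    'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
)

# Rights that allow creating or replacing a file, plus GENERIC_WRITE and GENERIC_ALL.
$planting = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeBits = [int]$planting -bor 0x50000000
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

function Get-RiskyAce {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only entries (e.g. CREATOR OWNER) do not apply to this object itself.
        if ($ace.PropagationFlags -band $inheritOnly) { continue }
        if ($trusted -contains $sid) { continue }
        if (([int]$ace.FileSystemRights -band $writeBits) -eq 0) { continue }
        [pscustomobject]@{ Path = $Path; Sid = $sid; Rights = $ace.FileSystemRights }
    }
}

$dll = Join-Path $InstallDir 'MEAIPO.DLL'
$findings = @(Get-RiskyAce -Path $InstallDir)

if (Test-Path -LiteralPath $dll) {
    $findings += @(Get-RiskyAce -Path $dll)
    # Signature status and hash give a baseline to compare against a known-good install.
    Get-AuthenticodeSignature -LiteralPath $dll | Select-Object Path, Status
    Get-FileHash -LiteralPath $dll -Algorithm SHA256 | Select-Object Path, Hash
} else {
    "MEAIPO.DLL not found in $InstallDir"
}

if ($findings.Count -eq 0) {
    "No write-capable ACEs for untrusted principals on $InstallDir"
} else {
    $findings | Format-Table -AutoSize
}
```

Any row in the findings table is a principal outside the trusted list that can create or replace files at that path and should have the right removed.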
Fix
Uncontrolled Search Path Element
Weakness Enumeration
Related Identifiers
Affected Products
Mailenable