PT-2025-50344 · Mailenable · Mailenable
Mushroomsecteam
·
Published
2025-12-10
·
Updated
2025-12-14
·
CVE-2025-34420
CVSS v4.0
8.5
High
| Vector | AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
MailEnable versions prior to 10.54
Description
MailEnable versions prior to 10.54 have an unsafe DLL loading issue that could allow a local attacker to run arbitrary code. The MailEnable administrative executable loads
MEAIAM.DLL from the installation directory without proper checks. An attacker with write access to this directory can place a malicious MEAIAM.DLL file, which will then be executed with the privileges of the process.Recommendations
Update MailEnable to version 10.54 or later.
Fix
Uncontrolled Search Path Element
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mailenable