PT-2025-50345 · Mailenable · Mailenable
Mushroomsecteam
·
Published
2025-12-10
·
Updated
2025-12-14
·
CVE-2025-34421
CVSS v4.0
8.5
High
| Vector | AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
MailEnable versions prior to 10.54
Description
MailEnable versions prior to 10.54 have an issue where the software loads DLLs unsafely, potentially allowing a local attacker to run arbitrary code. The MailEnable administrative executable loads
MEAISP.DLL from the installation directory without proper checks. An attacker with write access to this directory can place a malicious MEAISP.DLL file, which will then be executed with the privileges of the process.Recommendations
Update MailEnable to version 10.54 or later.
Fix
Uncontrolled Search Path Element
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mailenable