PT-2025-50347 · Mailenable · Mailenable
Mushroomsecteam
·
Published
2025-12-10
·
Updated
2025-12-14
·
CVE-2025-34423
CVSS v4.0
8.5
High
| Vector | AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
MailEnable versions prior to 10.54
Description
MailEnable versions prior to 10.54 have an unsafe DLL loading issue that could allow a local attacker to execute arbitrary code. The MailEnable administrative executable loads
MEAIAU.DLL from the installation directory without proper validation. An attacker with write access to this directory can place a malicious MEAIAU.DLL file, which will then be executed with the privileges of the process.Recommendations
Update MailEnable to version 10.54 or later.
Fix
Uncontrolled Search Path Element
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mailenable