CVE-2025-34416
BaseFortify
Publication date: 2025-12-10
Last updated on: 2025-12-10
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mailenable | mailenable | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-427 | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in MailEnable versions prior to 10.54, where the administrative executable loads a DLL named MEAIPO.DLL from its installation directory without proper integrity checks or a secure search order. A local attacker who has write access to that directory can place a malicious MEAIPO.DLL file, which will be loaded by the executable, allowing the attacker to execute arbitrary code with the privileges of the process.
How can this vulnerability impact me? :
The vulnerability can lead to local arbitrary code execution by an attacker with write access to the installation directory. This means an attacker could run malicious code with the same privileges as the MailEnable administrative process, potentially compromising the system or gaining elevated access.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately restrict write permissions to the MailEnable installation directory to prevent unauthorized users from placing a malicious MEAIPO.DLL. Additionally, update MailEnable to version 10.54 or later where this issue is fixed. Avoid running the administrative executable with elevated privileges unless necessary.