CVE-2025-34417
BaseFortify
Publication date: 2025-12-10
Last updated on: 2025-12-10
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mailenable | mailenable | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-427 | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in MailEnable versions prior to 10.54 and involves unsafe DLL loading. The MailEnable administrative executable tries to load a DLL named MEAISO.DLL from its installation directory without properly validating its integrity or using a secure search order. A local attacker who has write access to that directory can place a malicious MEAISO.DLL file there. When the executable starts, it loads this malicious DLL, leading to execution of attacker-controlled code with the same privileges as the process.
How can this vulnerability impact me? :
This vulnerability can allow a local attacker with write access to the MailEnable installation directory to execute arbitrary code with the privileges of the MailEnable administrative process. This could lead to unauthorized actions on the affected system, potentially compromising system integrity, confidentiality, and availability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that only trusted users have write access to the MailEnable installation directory to prevent planting of malicious MEAISO.DLL files. Additionally, update MailEnable to version 10.54 or later where this vulnerability is fixed.