CVE-2025-34420
BaseFortify
Publication date: 2025-12-10
Last updated on: 2025-12-10
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mailenable | mailenable | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-427 | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in MailEnable versions prior to 10.54, where the administrative executable loads a DLL named MEAIAM.DLL from its installation directory without proper integrity checks or a secure search order. A local attacker who has write access to that directory can place a malicious MEAIAM.DLL file, which will be loaded and executed with the privileges of the MailEnable process, allowing arbitrary code execution.
How can this vulnerability impact me? :
If exploited, this vulnerability allows a local attacker to execute arbitrary code with the privileges of the MailEnable administrative process. This could lead to unauthorized actions on the system, potentially compromising system integrity, confidentiality, and availability depending on the privileges of the process.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update MailEnable to version 10.54 or later. Additionally, restrict write permissions to the MailEnable installation directory to prevent unauthorized users from planting a malicious MEAIAM.DLL file.