CVE-2025-34421
BaseFortify
Publication date: 2025-12-10
Last updated on: 2025-12-10
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mailenable | mailenable | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-427 | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in MailEnable versions prior to 10.54, where the administrative executable loads a DLL named MEAISP.DLL from its installation directory without proper integrity checks or secure search order. A local attacker with write access to that directory can place a malicious MEAISP.DLL, which will be loaded and executed with the privileges of the MailEnable process, allowing arbitrary code execution.
How can this vulnerability impact me? :
If exploited, this vulnerability allows a local attacker to execute arbitrary code with the privileges of the MailEnable administrative process. This can lead to unauthorized actions on the system, potentially compromising system integrity, confidentiality, and availability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately restrict write access to the MailEnable installation directory to trusted users only, preventing local attackers from planting a malicious MEAISP.DLL. Additionally, upgrade MailEnable to version 10.54 or later where this issue is fixed.