CVE-2025-34423
BaseFortify
Publication date: 2025-12-10
Last updated on: 2025-12-10
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mailenable | mailenable | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-427 | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in MailEnable versions prior to 10.54 where the administrative executable loads a DLL named MEAIAU.DLL from its installation directory without proper integrity checks or secure search order. A local attacker who has write access to that directory can place a malicious MEAIAU.DLL file, which will be loaded by the executable, allowing the attacker to execute arbitrary code with the privileges of the process.
How can this vulnerability impact me? :
The vulnerability can lead to local arbitrary code execution by an attacker with write access to the installation directory. This means the attacker can run malicious code with the same privileges as the MailEnable administrative process, potentially compromising the system, escalating privileges, or causing other malicious effects.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that you upgrade MailEnable to version 10.54 or later, which addresses the unsafe DLL loading issue. Additionally, restrict write permissions to the MailEnable installation directory to prevent unauthorized users from placing malicious DLL files.