CVE-2025-34417 PUBLISHED

MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAISO.DLL

Assigner: VulnCheck
Reserved: 15.04.2025 Published: 10.12.2025 Updated: 10.12.2025

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAISO.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAISO.DLL, which is then loaded when the executable starts, resulting in execution of attacker-controlled code with the privileges of the process.

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 8.5

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Local	Confidentiality	High	Confidentiality	None
Attack Complexity	Low	Integrity	High	Integrity	None
Attack Requirements	None	Availability	High	Availability	None
Privileges Required	Low
User Interaction	None

CVSS 4.0

Product Status

Vendor	MailEnable
Product	MailEnable
Versions	Default: unaffected affected from 0 to 10.54 (excl.)

CVE-2025-34417 PUBLISHED

MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAISO.DLL

Metrics

Product Status

Credits

References

Problem Types