CVE-2025-34423 PUBLISHED

MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIAU.DLL

Assigner: VulnCheck
Reserved: 15.04.2025 Published: 10.12.2025 Updated: 10.12.2025

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIAU.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAIAU.DLL, which is then loaded on execution, resulting in attacker-controlled code running with the privileges of the process.

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 8.5

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Local	Confidentiality	High	Confidentiality	None
Attack Complexity	Low	Integrity	High	Integrity	None
Attack Requirements	None	Availability	High	Availability	None
Privileges Required	Low
User Interaction	None

CVSS 4.0

Product Status

Vendor	MailEnable
Product	MailEnable
Versions	Default: unaffected affected from 0 to 10.54 (excl.)

CVE-2025-34423 PUBLISHED

MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIAU.DLL

Metrics

Product Status

Credits

References

Problem Types