Local Code Execution Vulnerability in MailEnable by MailEnable
CVE-2025-34396

8.5 HIGH

Key Information:

Vendor: MailEnable
CVE Published: 9 December 2025

What is CVE-2025-34396?

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can allow a local attacker to execute arbitrary code. The MailEnable administrative executable attempts to load MEAINFY.DLL without enforcing strict integrity checks or a secure search order. If the file is not present, or if a directory in the search path is writable, an attacker can place a malicious MEAINFY.DLL in the application's search path. When the administrative executable runs, the attacker-controlled library is loaded and executes with the privileges of the MailEnable process, potentially allowing local privilege escalation when the executable is run with elevated permissions.
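A host audit for the condition described above, as an added example that is not MailEnable's or the reporters' code: it reports, for the application directory and each PATH entry, whether low-privileged principals can create files there and whether a MEAINFY.DLL is present and validly signed. The `-AppDir` parameter is an assumption (the page does not name the install path), and the script covers only the application directory and PATH, not every location Windows may search.

```powershell
# Added example, not vendor code. -AppDir is an assumption: pass the folder that
# holds the MailEnable administrative executable on the host being audited.
param(
    [Parameter(Mandatory)][string]$AppDir,
    [string]$DllName = 'MEAINFY.DLL'
)

# Candidate locations: the application directory first, then each PATH entry.
$dirs = @($AppDir) + ($env:Path -split ';') |
    Where-Object { $_ -and (Test-Path -LiteralPath $_ -PathType Container) } |
    ForEach-Object { (Resolve-Path -LiteralPath $_).Path } |
    Select-Object -Unique

# Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users, INTERACTIVE.
$lowPrivSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545', 'S-1-5-4'
$create      = [System.Security.AccessControl.FileSystemRights]::CreateFiles
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$sidType     = [System.Security.Principal.SecurityIdentifier]

foreach ($dir in $dirs) {
    # Resolve ACEs to SIDs so the check does not depend on localized group names.
    $rules = (Get-Acl -LiteralPath $dir).GetAccessRules($true, $true, $sidType)
    $writable = @($rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $create) -and
        -not ($_.PropagationFlags -band $inheritOnly) -and
        $lowPrivSids -contains $_.IdentityReference.Value
    }).Count -gt 0

    # If the DLL exists here, record its Authenticode status (Valid, NotSigned, ...).
    $dll = Join-Path $dir $DllName
    $sig = if (Test-Path -LiteralPath $dll -PathType Leaf) {
        (Get-AuthenticodeSignature -LiteralPath $dll).Status
    } else { 'absent' }

    [pscustomobject]@{
        Directory          = $dir
        LowPrivCanCreate   = $writable
        DllSignatureStatus = $sig
    }
}
```

Rows that need review are those where `LowPrivCanCreate` is true, or where the DLL is present with a status other than `Valid`.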

Affected Version(s)

MailEnable 0 < 10.54

CVSS V4

Score: 8.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

MushroomSecTeam (Spotify, AmirSUN, M30Brad, Hannah Green, av01t3x, PG)