Unsafe DLL Loading Vulnerability in MailEnable by MailEnable
CVE-2025-34417

8.5HIGH

Key Information:

Vendor

Mailenable

Status
Mailenable
Vendor
CVE Published:
10 December 2025

What is CVE-2025-34417?

MailEnable versions prior to 10.54 are susceptible to a vulnerability that allows local arbitrary code execution due to unsafe DLL loading practices. The administrative executable of MailEnable improperly loads MEAISO.DLL from its installation directory without adequate integrity checks or a secure search order. This negligence permits a local attacker, possessing write-access to the directory, to introduce a malicious MEAISO.DLL file. Once the administrative executable is initiated, it unwittingly loads the compromised DLL, thus executing attacker-controlled code with the privileges of the process, potentially leading to significant security breaches.

Affected Version(s)

MailEnable 0 < 10.54

References

https://mailenable.com/Standard-ReleaseNotes.txt
release-notespatch
https://www.mailenable.com/
product
https://www.vulncheck.com/advisories/mailenable-dll-hijac...
third-party-advisory

CVSS V4

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

MushroomSecTeam (Spotify, AmirSUN, M30Brad, Hannah Green, av01t3x, PG)
JSON
.
CVE-2025-34417 : Unsafe DLL Loading Vulnerability in MailEnable by MailEnable