Unsafe DLL Loading in MailEnable by MailEnable, Exposing Local Code Execution Risks
CVE-2025-34420

8.5 HIGH

Key Information:

Vendor: Mailenable
CVE Published: 10 December 2025

What is CVE-2025-34420?

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability: the MailEnable administrative executable loads MEAIAM.DLL from its installation directory without validating the file's integrity and with an improper search order. A local attacker with write access to that directory can replace the legitimate DLL with a malicious version. When the executable runs, the replaced DLL is loaded, which can lead to arbitrary code execution with the same privileges as the MailEnable process.

Affected Version(s)

MailEnable 0 < 10.54

CVSS V4

Score: 8.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

MushroomSecTeam (Spotify, AmirSUN, M30Brad, Hannah Green, av01t3x, PG)