MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIPO.DLL

8.5 / 10

HIGH

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIPO.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAIPO.DLL, which is then loaded when the executable starts, resulting in execution of attacker-controlled code with the privileges of the process.

AI Analysis

MailEnable contains an unsafe DLL loading vulnerability that can lead to local arbitrary code execution

Basic Information

ID CVE-2025-34416

Source VulnCheck

Published Dec 10, 2025 at 16:09

Affected Product

Vendor MailEnable

Product MailEnable

Affected Versions MailEnable MailEnable 0

CWE Classification

CWE-427

AI Assessment

AI Score 8.5 / 10

AI Severity High

Vendor MailEnable

Product MailEnable

Version < 10.54

References

{
    "lastseen": "",
    "description": "MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIPO.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAIPO.DLL, which is then loaded when the executable starts, resulting in execution of attacker-controlled code with the privileges of the process.",
    "published": "2025-12-10T16:09:21.308Z",
    "modified": "2025-12-10T16:09:21.308Z",
    "type": "cve",
    "title": "MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIPO.DLL",
    "source": "VulnCheck",
    "references": "https://mailenable.com/Standard-ReleaseNotes.txt\nhttps://www.mailenable.com/\nhttps://www.vulncheck.com/advisories/mailenable-dll-hijacking-via-unsafe-loading-of-meaipo-dll",
    "id": "CVE-2025-34416",
    "bulletinFamily": "",
    "cwe": [
        "CWE-427"
    ],
    "cvelist": null,
    "sourceData": "MailEnable MailEnable 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.5,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "MailEnable",
    "version": "0",
    "vendor": "MailEnable",
    "ai_description": "MailEnable contains an unsafe DLL loading vulnerability that can lead to local arbitrary code execution",
    "ai_severity": "High",
    "ai_vendor": "MailEnable",
    "ai_product": "MailEnable",
    "ai_version": "< 10.54",
    "ai_score": 8.5
}

MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIPO.DLL_CVE-2025-34416