CVE-2025-34424
HIGHMailEnable < 10.54 - Uncontrolled Search Path Element via MEAIDP.DLL Loading
Title source: llmDescription
MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIDP.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAIDP.DLL, which is then loaded on execution, resulting in attacker-controlled code running with the privileges of the process.
References (3)
Core 3
Core References
Release Notes release-notes
patch
https://mailenable.com/Standard-ReleaseNotes.txt
Product product
https://www.mailenable.com/
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/mailenable-dll-hijacking-via-unsafe-loading-of-meaidp-dll
Scores
CVSS v3
7.8
EPSS
0.0014
EPSS Percentile
4.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-427
Status
published
Products (2)
mailenable/mailenable
< 10.54
MailEnable/MailEnable
< 10.54
Published
Dec 10, 2025
Tracked Since
Feb 18, 2026