CVE-2025-34422

UNKNOWN 0.0

MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIPC.DLL

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIPC.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAIPC.DLL, which is then loaded on execution, resulting in attacker-controlled code running with the privileges of the process.

CWE	CWE-427
Vendor	mailenable
Product	mailenable
Published	Dec 10, 2025
Last Updated	Mar 5, 2026

Stay Ahead of the Next One

Get instant alerts for mailenable mailenable

Be the first to know when new unknown vulnerabilities affecting mailenable mailenable are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

MailEnable / MailEnable

0 < 10.54

References

NVD ↗ CVE.org ↗ EPSS Data ↗

mailenable.com: https://mailenable.com/Standard-ReleaseNotes.txt mailenable.com: https://www.mailenable.com/ vulncheck.com: https://www.vulncheck.com/advisories/mailenable-dll-hijacking-via-unsafe-loading-of-meaipc-dll

Credits

MushroomSecTeam (Spotify, AmirSUN, M30Brad, Hannah Green, av01t3x, PG)