CVE-2025-34428

UNKNOWN 0.0

MailEnable < 10.54 Cleartext Credential Storage in AUTH.SAV

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

MailEnable versions prior to 10.54 contain a cleartext storage of credentials vulnerability that can lead to local credential compromise and account takeover. The product stores user and administrative passwords in plaintext within AUTH.SAV with overly permissive filesystem access. A local authenticated user with read access to this file can recover all user passwords and super-admin credentials, then use them to authenticate to MailEnable services such as POP3, SMTP, or the webmail interface, enabling unauthorized mailbox access and administrative control.

CWE	CWE-312
Vendor	mailenable
Product	mailenable
Published	Dec 10, 2025
Last Updated	Mar 5, 2026

Stay Ahead of the Next One

Get instant alerts for mailenable mailenable

Be the first to know when new unknown vulnerabilities affecting mailenable mailenable are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

MailEnable / MailEnable

0 < 10.54

References

NVD ↗ CVE.org ↗ EPSS Data ↗

mailenable.com: https://mailenable.com/Standard-ReleaseNotes.txt mailenable.com: https://www.mailenable.com/ vulncheck.com: https://www.vulncheck.com/advisories/mailenable-cleartext-credential-storage-in-auth-sav

Credits

MushroomSecTeam (Spotify, AmirSUN, M30Brad, Hannah Green, av01t3x, PG)