Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-34424— MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIDP.DLL

EPSS 0.01% · P1
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-34424

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIDP.DLL
Source: NVD (National Vulnerability Database)
Vulnerability Description
MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIDP.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAIDP.DLL, which is then loaded on execution, resulting in attacker-controlled code running with the privileges of the process.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
对搜索路径元素未加控制
Source: NVD (National Vulnerability Database)
Vulnerability Title
MailEnable 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
MailEnable是澳大利亚MailEnable公司的一个基于 Windows 的商业电子邮件服务器。 MailEnable 10.54之前版本存在代码问题漏洞,该漏洞源于不安全DLL加载,可能导致本地任意代码执行。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
MailEnableMailEnable 0 ~ 10.54 -

II. Public POCs for CVE-2025-34424

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-34424

Please Login to view more intelligence information

Same Patch Batch · MailEnable · 2025-12-10 · 11 CVEs total

CVE-2025-34416MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIPO.DLL
CVE-2025-34422MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIPC.DLL
CVE-2025-34420MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIAM.DLL
CVE-2025-34419MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAISM.DLL
CVE-2025-34423MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIAU.DLL
CVE-2025-34421MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAISP.DLL
CVE-2025-34417MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAISO.DLL
CVE-2025-34418MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIMF.DLL
CVE-2025-34427MailEnable < 10.54 Cleartext Credential Storage in AUTH.TAB
CVE-2025-34428MailEnable < 10.54 Cleartext Credential Storage in AUTH.SAV

IV. Related Vulnerabilities

Same product: MailEnable
Same vendor: MailEnable
Same weakness: CWE-427

V. Comments for CVE-2025-34424

No comments yet

Leave a comment