Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-34427— MailEnable < 10.54 Cleartext Credential Storage in AUTH.TAB

EPSS 0.00% · P0
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-34427

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
MailEnable < 10.54 Cleartext Credential Storage in AUTH.TAB
Source: NVD (National Vulnerability Database)
Vulnerability Description
MailEnable versions prior to 10.54 contain a cleartext storage of credentials vulnerability that can lead to local credential compromise and account takeover. The product stores user and administrative passwords in plaintext within AUTH.TAB with overly permissive filesystem access. A local authenticated user with read access to this file can recover all user passwords and super-admin credentials, then use them to authenticate to MailEnable services such as POP3, SMTP, or the webmail interface, enabling unauthorized mailbox access and administrative control.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
敏感数据的明文存储
Source: NVD (National Vulnerability Database)
Vulnerability Title
MailEnable 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
MailEnable是澳大利亚MailEnable公司的一个基于 Windows 的商业电子邮件服务器。 MailEnable 10.54之前版本存在安全漏洞,该漏洞源于明文存储凭据,可能导致本地凭据泄露和账户接管。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
MailEnableMailEnable 0 ~ 10.54 -

II. Public POCs for CVE-2025-34427

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-34427

登录查看更多情报信息。

Same Patch Batch · MailEnable · 2025-12-10 · 11 CVEs total

CVE-2025-34416MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIPO.DLL
CVE-2025-34422MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIPC.DLL
CVE-2025-34420MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIAM.DLL
CVE-2025-34419MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAISM.DLL
CVE-2025-34423MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIAU.DLL
CVE-2025-34421MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAISP.DLL
CVE-2025-34417MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAISO.DLL
CVE-2025-34424MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIDP.DLL
CVE-2025-34418MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIMF.DLL
CVE-2025-34428MailEnable < 10.54 Cleartext Credential Storage in AUTH.SAV

IV. Related Vulnerabilities

Same product: MailEnable
Same vendor: MailEnable
Same weakness: CWE-312

V. Comments for CVE-2025-34427

No comments yet

Leave a comment