CVE-2025-34428

Published 10/12/2025 19:16 · Modified 17/12/2025 17:00

Labels: CVE-2025-34428, 2025-12-10, CWE-312

Essential information

Published: 10/12/2025 19:16
Modified: 17/12/2025 17:00
CVSS: 8.4 HIGH (v3), 8.4 HIGH (v4.0)
CISA KEV: No

Description

MailEnable versions prior to 10.54 contain a cleartext storage of credentials vulnerability that can lead to local credential compromise and account takeover. The product stores user and administrative passwords in plaintext within AUTH.SAV with overly permissive filesystem access. A local authenticated user with read access to this file can recover all user passwords and super-admin credentials, then use them to authenticate to MailEnable services such as POP3, SMTP, or the webmail interface, enabling unauthorized mailbox access and administrative control.

NVD status

Status: Analyzed — CVE has had analysis completed and all data associations made.

Affected products (CPE)

Product: mailenable / mailenable
CPE: cpe:2.3:a:mailenable:mailenable:*:*:*:*:standard:*:*:*
