Vulnerability Description
MailEnable versions prior to 10.54 contain a cleartext storage of credentials vulnerability that can lead to local credential compromise and account takeover. The product stores user and administrative passwords in plaintext within AUTH.SAV with overly permissive filesystem access. A local authenticated user with read access to this file can recover all user passwords and super-admin credentials, then use them to authenticate to MailEnable services such as POP3, SMTP, or the webmail interface, enabling unauthorized mailbox access and administrative control.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mailenable | Mailenable | < 10.54 |
Related Weaknesses (CWE)
References
- https://mailenable.com/Standard-ReleaseNotes.txt (Release Notes)
- https://www.mailenable.com/ (Product)
- https://www.vulncheck.com/advisories/mailenable-cleartext-credential-storage-in- (Third Party Advisory)
FAQ
What is CVE-2025-34428?
CVE-2025-34428 is a vulnerability with a CVSS score of 7.8 (HIGH). MailEnable versions prior to 10.54 contain a cleartext storage of credentials vulnerability that can lead to local credential compromise and account takeover. The product stores user and administrativ...
How severe is CVE-2025-34428?
CVE-2025-34428 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-34428?
Check the references section above for vendor advisories and patch information. Affected products include: Mailenable Mailenable.