CVE-2025-34428

7.8 HIGH

📋 TL;DR

MailEnable versions before 10.54 store user and administrative passwords in plaintext within the AUTH.SAV file with overly permissive filesystem permissions. This allows any local authenticated user with read access to recover all passwords and use them to access mail services or gain administrative control. Organizations running vulnerable MailEnable versions are affected.

💻 Affected Systems

Products:
  • MailEnable
Versions: All versions prior to 10.54
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default configuration where AUTH.SAV file permissions allow local authenticated users read access.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of all mail accounts, administrative takeover of MailEnable services, and potential lateral movement using stolen credentials across the network.

🟠 Likely Case

Local authenticated users accessing other users' mailboxes, reading sensitive emails, and potentially escalating privileges to administrative control.

🟢 If Mitigated

Limited to users who already have local authenticated access, but still enables credential theft and privilege escalation within the mail system.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local authenticated access, but once that access is obtained it is trivial: reading the AUTH.SAV file reveals every stored credential.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.54

Vendor Advisory: https://mailenable.com/Standard-ReleaseNotes.txt

Restart Required: Yes

Instructions:

1. Download MailEnable version 10.54 or later from the official website.
2. Run the installer to upgrade.
3. Restart MailEnable services.
4. Verify the AUTH.SAV file now contains encrypted credentials.

🔧 Temporary Workarounds

Restrict AUTH.SAV file permissions

Modify filesystem permissions on the AUTH.SAV file to restrict read access to only the system accounts that need it. The commands below first strip inherited ACEs (so any access Administrators or Users only inherited from the parent folder is removed), then grant SYSTEM full control and the service account read access; "MailEnable Service Account" is a placeholder for the identity the MailEnable services actually run under, so confirm that identity and test that the services still start before applying this in production.

icacls "C:\Program Files\Mail Enable\Config\AUTH.SAV" /inheritance:r
icacls "C:\Program Files\Mail Enable\Config\AUTH.SAV" /grant SYSTEM:F
icacls "C:\Program Files\Mail Enable\Config\AUTH.SAV" /grant "MailEnable Service Account":R

🧯 If You Can't Patch

  • Implement strict access controls to limit which users have local authenticated access to MailEnable servers.
  • Monitor access to the AUTH.SAV file using Windows audit logging and alert on any unauthorized read attempts.

🔍 How to Verify

Check if Vulnerable:

Check whether the installed MailEnable version is below 10.54, and examine the AUTH.SAV file to see whether it holds plaintext passwords.

Check Version:

Check the MailEnable version in the web admin interface, or examine the installation directory for version information.

Verify Fix Applied:

After upgrading to 10.54+, verify that passwords in AUTH.SAV are encrypted and not in plaintext.
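The version comparison from the verification steps and the permission check implied by the workaround, as an added PowerShell example that is not part of this advisory and not MailEnable's own tooling. It assumes AUTH.SAV sits at the path used in the workaround commands, that the operator supplies the installed version string read from the admin interface, and that the set of "broad" identities (Everyone, Users, Authenticated Users, INTERACTIVE, Domain Users) is a fair stand-in for "any local authenticated user".

```powershell
# Added example, not from the advisory or the vendor. Run elevated on the
# MailEnable server. Answers two questions the advisory raises:
#   1. Is the installed version at or above the first fixed release, 10.54?
#   2. Does the ACL on AUTH.SAV grant read access to broad, "any user" principals?
# Assumptions: the version string is supplied by the operator; AUTH.SAV is at the
# path from the workaround; $broadSids is our choice of catch-all identities.

function Test-MailEnableVersionFixed {
    param([Parameter(Mandatory)][string]$InstalledVersion)
    $fixed = [version]'10.54'   # first fixed release per the advisory
    return ([version]$InstalledVersion -ge $fixed)
}

function Get-AuthSavBroadReadAccess {
    param([string]$Path = 'C:\Program Files\Mail Enable\Config\AUTH.SAV')
    if (-not (Test-Path -LiteralPath $Path)) { throw "AUTH.SAV not found at $Path" }

    # Well-known SIDs that amount to "every local authenticated user" (assumed list):
    # Everyone, BUILTIN\Users, Authenticated Users, INTERACTIVE. Comparing SIDs
    # rather than names keeps the check independent of the OS display language.
    $broadSids = @('S-1-1-0', 'S-1-5-32-545', 'S-1-5-11', 'S-1-5-4')
    $readData  = [int][System.Security.AccessControl.FileSystemRights]::ReadData

    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }

        try   { $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
        catch { $sid = $ace.IdentityReference.Value }   # unresolvable identity: keep raw value
        # RID 513 in a domain SID is Domain Users.
        $isBroad = ($broadSids -contains $sid) -or ($sid -like 'S-1-5-21-*-513')
        if (-not $isBroad) { continue }

        # Unsigned 32-bit view of the access mask so generic rights can be tested.
        $raw = ([int64][int]$ace.FileSystemRights) -band 0xFFFFFFFF
        # Explicit ReadData (also set by FullControl/Read/Modify) or a generic right
        # that implies read: GENERIC_READ = 0x80000000, GENERIC_ALL = 0x10000000.
        $grantsRead = (($raw -band $readData) -ne 0) -or (($raw -band 0x90000000) -ne 0)
        if (-not $grantsRead) { continue }

        [pscustomobject]@{
            Identity  = $ace.IdentityReference.Value
            Sid       = $sid
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

function Invoke-AuthSavExposureCheck {
    param(
        [Parameter(Mandatory)][string]$InstalledVersion,
        [string]$Path = 'C:\Program Files\Mail Enable\Config\AUTH.SAV'
    )
    $fixed = Test-MailEnableVersionFixed -InstalledVersion $InstalledVersion
    $broad = @(Get-AuthSavBroadReadAccess -Path $Path)

    if (-not $fixed) {
        Write-Warning "MailEnable $InstalledVersion is below 10.54: AUTH.SAV holds plaintext credentials."
    }
    if ($broad.Count -gt 0) {
        Write-Warning "AUTH.SAV is readable by broad principals:"
        $broad | Format-Table -AutoSize | Out-String | Write-Warning
    } elseif (-not $fixed) {
        Write-Output "Workaround in place (no broad principal can read AUTH.SAV); upgrading to 10.54+ is still required."
    }
    if ($fixed -and $broad.Count -eq 0) { Write-Output "Not exposed: version fixed and ACL restricted." }

    return [pscustomobject]@{ VersionFixed = $fixed; BroadReaders = $broad }
}

# Example invocation, with the version string taken from the admin interface:
# Invoke-AuthSavExposureCheck -InstalledVersion '10.53'
```

The ACL check reports inherited entries as well as explicit ones, which is why the workaround's `/inheritance:r` matters: a restrictive explicit ACE does nothing if BUILTIN\Users still inherits read from the Config folder. A clean result from the ACL check only confirms the workaround, not the fix; the version check must pass too.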

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed authentication attempts followed by successful logins from unusual locations
  • Unusual access patterns to mail services from previously unused accounts

Network Indicators:

  • POP3/SMTP/webmail authentication from unexpected IP addresses
  • Administrative interface access from non-admin users

SIEM Query:

source="windows_security" EventID=4663 ObjectName="*AUTH.SAV*" AccessMask=0x1
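The SIEM query above only returns results if Windows is actually writing Event ID 4663 for the file: that requires the "File System" audit subcategory to be enabled and a SACL entry on AUTH.SAV itself. The following added PowerShell example (not from the advisory or the vendor) sets both up and then applies the same filter as the SIEM query locally, dropping reads by accounts that are expected to touch the file. It assumes the AUTH.SAV path from the workaround; the expected-reader list is a placeholder the operator has to complete with the identity MailEnable's services run under.

```powershell
# Added example, not from the advisory or the vendor. Run elevated on the
# MailEnable server (Get-Acl -Audit / Set-Acl on a SACL need SeSecurityPrivilege).
# Event ID 4663 is only generated when the "File System" audit subcategory is on
# AND the file carries a SACL; Enable-AuthSavReadAuditing configures both.
# Get-UnexpectedAuthSavReads then mirrors the SIEM query (4663, ObjectName matching
# AUTH.SAV, AccessMask bit 0x1 = ReadData) against the local Security log.
# Assumptions: AUTH.SAV path as in the workaround; $ExpectedReaders is a placeholder.

function Enable-AuthSavReadAuditing {
    param([string]$Path = 'C:\Program Files\Mail Enable\Config\AUTH.SAV')
    if (-not (Test-Path -LiteralPath $Path)) { throw "AUTH.SAV not found at $Path" }

    # 1. Turn on success auditing for file-system object access. Note that a GPO
    #    advanced audit policy will override this local setting if one applies.
    & auditpol.exe /set /subcategory:"File System" /success:enable | Out-Null

    # 2. Add a SACL entry: audit every successful ReadData on the file, by anyone.
    #    S-1-1-0 is the Everyone SID, used instead of the localized name.
    $everyone = New-Object System.Security.Principal.SecurityIdentifier('S-1-1-0')
    $rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
        $everyone,
        [System.Security.AccessControl.FileSystemRights]::ReadData,
        [System.Security.AccessControl.AuditFlags]::Success)
    $acl = Get-Acl -LiteralPath $Path -Audit
    $acl.AddAuditRule($rule)
    Set-Acl -LiteralPath $Path -AclObject $acl
}

function Get-UnexpectedAuthSavReads {
    param(
        # Placeholder: add the account(s) the MailEnable services run under.
        [string[]]$ExpectedReaders = @('NT AUTHORITY\SYSTEM'),
        [datetime]$Since = (Get-Date).AddDays(-1)
    )
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663; StartTime = $Since } `
                           -ErrorAction SilentlyContinue
    foreach ($ev in $events) {
        # Flatten the <Data Name="..."> nodes of the event XML into a hashtable.
        $xml = [xml]$ev.ToXml()
        $d = @{}
        foreach ($node in $xml.Event.EventData.Data) { $d[$node.Name] = $node.'#text' }

        if ($d['ObjectName'] -notlike '*AUTH.SAV*') { continue }
        # AccessMask is logged as a hex string such as "0x1"; bit 0x1 is ReadData.
        if (([int]$d['AccessMask'] -band 0x1) -eq 0) { continue }

        $subject = '{0}\{1}' -f $d['SubjectDomainName'], $d['SubjectUserName']
        if ($ExpectedReaders -contains $subject) { continue }

        [pscustomobject]@{
            Time       = $ev.TimeCreated
            Subject    = $subject
            Process    = $d['ProcessName']
            AccessMask = $d['AccessMask']
            Object     = $d['ObjectName']
        }
    }
}

# Example: configure auditing once, then review the last 24 hours.
# Enable-AuthSavReadAuditing
# Get-UnexpectedAuthSavReads | Format-Table -AutoSize
```

Expect a steady baseline of 4663 events from the MailEnable services themselves and from backup agents; tune `$ExpectedReaders` (or the equivalent exclusion in the SIEM) to those identities so the alert fires only on interactive or otherwise unexpected readers. Every hit from a user account that is not an administrator is worth treating as a credential-exposure incident, since the file contents are plaintext on unpatched versions.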
