Cyber Posture

CVE-2024-48091

High

Published: 07 February 2025
Modified: 15 April 2026
KEV Added: not listed
Patch: not listed
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0004 (12.4th percentile)
Risk Priority: 16 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-48091 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Tally Prime Edit Log v2.1 from Tallysolutions (vendor inferred from references). Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique DLL Search Order Hijacking (T1038). The CVE is ranked at the 12.4th percentile by exploit likelihood (EPSS, below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-6 (Configuration Settings).

Threat & Defense at a Glance

What attackers do: exploitation maps to DLL Search Order Hijacking (T1038). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) (AI-generated)

SI-2 Flaw Remediation (prevent): Timely application of vendor-provided patches directly remediates the DLL hijacking flaw in TextShaping.dll, preventing arbitrary code execution.

CM-6 Configuration Settings (prevent): Establishing and enforcing secure configuration settings, such as enabling Windows Safe DLL Search Mode, prevents the application from loading malicious DLLs from untrusted searchable paths.

Malicious code protection (prevent, detect): Malicious code protection tools scan directories on the DLL search path and block or detect crafted malicious DLLs before the vulnerable application loads them.

MITRE ATT&CK Enterprise Techniques (AI-generated)

T1038 DLL Search Order Hijacking (tactic: Persistence)
Windows systems use a common method to look for required DLLs to load into a program.

Why these techniques?

The CVE directly describes DLL hijacking via an uncontrolled search path (CWE-427), which enables arbitrary code execution by placing a malicious DLL where the application will load it.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Tally Prime Edit Log v2.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL.

Deeper analysis (AI-generated)

Tally Prime Edit Log v2.1 contains a DLL hijacking vulnerability via the TextShaping.dll component, tracked as CVE-2024-48091 and published on 2025-02-07. This issue, mapped to CWE-427, enables attackers to execute arbitrary code by placing a crafted DLL in a searchable path. Its CVSS v3.1 base score is 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity because of the potential for significant impact on confidentiality, integrity, and availability.

The vulnerability requires local access (AV:L) and low attack complexity (AC:L), with no privileges needed (PR:N) but user interaction required (UI:R), such as running the affected application in an environment where the malicious DLL can be loaded. A local attacker could exploit this to gain arbitrary code execution at the user's privilege level, potentially leading to full system compromise if the user has administrative rights.

Mitigation details are referenced in the advisories, including a technical gist at https://gist.github.com/singhmanpreet493/0f1df7fa4e744a3317877ab85d187937#file-gistfile1-txt and the official Tally Solutions download page at https://tallysolutions.com/download/, where patches or updates may be available.

Details

CWE(s): CWE-427 Uncontrolled Search Path Element

Affected Products: Tallysolutions (inferred from references and description; NVD did not file a CPE for this CVE)

CVEs Like This One

CVE-2024-9498 (shared CWE-427)
CVE-2026-3775 (shared CWE-427)
CVE-2026-7279 (shared CWE-427)
CVE-2024-9497 (shared CWE-427)
CVE-2026-22561 (shared CWE-427)
CVE-2025-65118 (shared CWE-427)
CVE-2024-9499 (shared CWE-427)
CVE-2026-22619 (shared CWE-427)
CVE-2024-9494 (shared CWE-427)
CVE-2026-24502 (shared CWE-427)

References