Cyber Resilience

CVE-2024-48091

High

Published: 07 February 2025

Modified: 15 April 2026
CVSS v3.1 score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS score: 0.0018 (7.8th percentile)
Risk priority: 55 (floored blend · peak EPSS)

Summary

CVE-2024-48091 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in a Tally Solutions product (vendor inferred from references). Its CVSS v3.1 base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Hijack Execution Flow: DLL (T1574.001). The vulnerability ranks at the 7.8th percentile by exploit likelihood (EPSS, below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-6 (Configuration Settings).

Deeper analysis

Tally Prime Edit Log v2.1 contains a DLL hijacking vulnerability via the TextShaping.dll component, tracked as CVE-2024-48091 and published on 2025-02-07. The issue, mapped to CWE-427, lets an attacker execute arbitrary code by placing a crafted DLL in a searchable path. Its CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) reflects high severity because of the potential for significant impact on confidentiality, integrity, and availability.

The vulnerability requires local access (AV:L) and low attack complexity (AC:L), with no privileges needed (PR:N) but user interaction required (UI:R), such as running the affected application in an environment where the malicious DLL can be loaded. A local attacker could exploit this to gain arbitrary code execution at the user's privilege level, potentially leading to full system compromise if the user has administrative rights.

Mitigation details are referenced in advisories, including a technical gist at https://gist.github.com/singhmanpreet493/0f1df7fa4e744a3317877ab85d187937#file-gistfile1-txt and the official Tally Solutions download page at https://tallysolutions.com/download/, where patches or updates may be available.

Vulnerability details

Tally Prime Edit Log v2.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1574.001 DLL (Hijack Execution Flow)
Adversaries may abuse dynamic-link library files (DLLs) in order to achieve persistence, escalate privileges, and evade defenses.
Why these techniques?

CVE directly describes DLL hijacking via uncontrolled search path (CWE-427), enabling arbitrary code execution by placing a malicious DLL.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-7279 (shared CWE-427)
CVE-2024-9497 (shared CWE-427)
CVE-2026-22619 (shared CWE-427)
CVE-2026-3775 (shared CWE-427)
CVE-2025-65118 (shared CWE-427)
CVE-2024-53588 (shared CWE-427)
CVE-2026-22561 (shared CWE-427)
CVE-2024-9494 (shared CWE-427)
CVE-2024-9499 (shared CWE-427)
CVE-2023-31361 (shared CWE-427)

Affected Assets

Tallysolutions (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent)

Timely application of vendor-provided patches directly remediates the DLL hijacking flaw in TextShaping.dll, preventing arbitrary code execution.

CM-6 Configuration Settings (prevent)

Establishing and enforcing secure configuration settings, such as enabling Windows Safe DLL Search Mode, prevents the application from loading malicious DLLs from untrusted searchable paths.

Malicious Code Protection (prevent, detect)

Malicious code protection tools scan directories in DLL search paths and block or detect crafted malicious DLLs before they are loaded by the vulnerable application.
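As an added defender-side audit for the configuration and malicious-code-protection controls above (example code, not from the advisory or from Tally Solutions), this PowerShell script checks the Safe DLL Search Mode setting, inspects the application directory for a TextShaping.dll that does not match the Windows copy, and lists PATH entries writable by standard users. $AppDir is a placeholder for the real installation directory.

```powershell
# Added audit example, not code from the advisory or from Tally Solutions.
# Checks the CM-6 setting named above (Safe DLL Search Mode) and looks for a
# TextShaping.dll planted in the application directory, which Windows searches
# before System32. $AppDir is a placeholder for the real installation directory.
param([string]$AppDir = 'C:\Placeholder\ApplicationDir')

$sessKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$safeMode = (Get-ItemProperty -Path $sessKey -ErrorAction SilentlyContinue).SafeDllSearchMode

# An absent value means the default (enabled); 0 means the mode has been disabled.
if ($null -eq $safeMode -or $safeMode -eq 1) {
    Write-Output 'SafeDllSearchMode: enabled'
} else {
    Write-Warning "SafeDllSearchMode is $safeMode (disabled). Remediate with:"
    Write-Warning "  Set-ItemProperty -Path '$sessKey' -Name SafeDllSearchMode -Value 1 -Type DWord"
}

# Safe DLL Search Mode still searches the application directory first, so a
# crafted TextShaping.dll beside the executable wins over the System32 copy.
$systemCopy = Join-Path $env:SystemRoot 'System32\TextShaping.dll'
$candidate  = Join-Path $AppDir 'TextShaping.dll'

if (Test-Path $candidate) {
    $sig          = Get-AuthenticodeSignature -FilePath $candidate
    $sameAsSystem = (Test-Path $systemCopy) -and
                    ((Get-FileHash $candidate).Hash -eq (Get-FileHash $systemCopy).Hash)
    if ($sig.Status -ne 'Valid' -or -not $sameAsSystem) {
        Write-Warning "Unexpected TextShaping.dll in $AppDir (signature: $($sig.Status)); investigate before use."
    } else {
        Write-Output "TextShaping.dll in $AppDir matches the System32 copy."
    }
} else {
    Write-Output "No TextShaping.dll in $AppDir (expected: Windows supplies it from System32)."
}

# PATH entries writable by standard users are uncontrolled search path elements
# (CWE-427) in their own right; report them for hardening.
foreach ($dir in ($env:Path -split ';' | Where-Object { $_ -and (Test-Path $_) })) {
    $weak = (Get-Acl $dir).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference -match 'Users|Everyone' -and
        $_.FileSystemRights -match 'Write|Modify|FullControl'
    }
    if ($weak) { Write-Warning "PATH directory writable by standard users: $dir" }
}
```

Run it in an elevated session on an endpoint with the affected application installed; any warning it prints maps to one of the SI-2/CM-6 remediations listed above.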