CVE-2024-53407
Published: 15 January 2025
Summary
CVE-2024-53407 is a low-severity Untrusted Search Path (CWE-426) vulnerability in Phiewer. Its CVSS base score is 3.3 (Low).
Operationally, exploitation aligns with the MITRE ATT&CK technique Dynamic-link Library Injection (T1055.001). The CVE is ranked in the top 10.2% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-51962
Vulnerability details
In Phiewer 4.1.0, a dylib injection leads to command execution, which allows attackers to inject a dylib file, potentially leading to remote control and unauthorized access to sensitive user data.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables dylib injection via DYLD_INSERT_LIBRARIES in the Phiewer macOS application (T1055.001: Dynamic-link Library Injection) and allows exploitation of the client application for code execution (T1203: Exploitation for Client Execution).