Cyber Posture

CVE-2024-53588

Severity: High
Published: 23 January 2025
Modified: 15 April 2026
KEV Added: not listed
Patch: none recorded on this page
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0004 (13.2 percentile)
Risk Priority: 16 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-53588 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in iTop VPN v16.0: the application loads a DLL from a directory that local users can write to, so a crafted DLL dropped there runs with the privileges of the loading process. Its CVSS v3.1 base score is 7.8 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Hijack Execution Flow: DLL (T1574.001); the older ID T1038, DLL Search Order Hijacking, was revoked and now redirects to T1574.001. EPSS places it at the 13.2 percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-10 (Software Usage Restrictions) and CM-14 (Signed Components).

Threat & Defense at a Glance

What attackers do: exploitation maps to Hijack Execution Flow: DLL (T1574.001), which this page also lists under its revoked predecessor ID T1038. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent)
Directly remediates the DLL hijacking flaw in iTop VPN by identifying, reporting, and correcting the uncontrolled search path. Remediation means the application no longer resolves DLLs from a user-writable directory; the host-level check is that \ProgramData\iTop VPN\Downloader\vpn6 no longer grants create or write access to standard users.

CM-10 Software Usage Restrictions (prevent)
Enforces software allow-listing or block-listing so that attacker-placed DLLs in user-writable locations, such as the application's own ProgramData subdirectory, cannot execute.

CM-14 Signed Components (prevent)
Requires digital signatures for software components such as DLLs and blocks the load of unsigned files; the hijack depends on the application accepting an unsigned, attacker-supplied DLL from the search path.

MITRE ATT&CK Enterprise Techniques

T1038 DLL Search Order Hijacking (Persistence; revoked ID, superseded by T1574.001)
When a DLL is not already loaded, Windows resolves it by walking a fixed list of directories in order; an attacker who can write to a directory searched before the legitimate location gets their DLL loaded instead.
T1574.001 Hijack Execution Flow: DLL (Persistence, Privilege Escalation, Defense Evasion)
Adversaries may abuse dynamic-link library files (DLLs) in order to achieve persistence, escalate privileges, and evade defenses.
Why these techniques?

Direct DLL hijacking via an uncontrolled search path (CWE-427) gives arbitrary code execution in the context of the loading process each time the application launches. Because the drop directory is writable without privileges (PR:N), the only user interaction required is starting iTop VPN (UI:R).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1
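The following is an added example, not code from the advisory, from iTop, or from the referenced repository. It shows the detection side of T1574.001 for this CVE and the observable behind a CM-14 (Signed Components) failure: given Sysmon Event ID 7 (Image loaded) records, it flags any process that loads an unsigned or invalidly signed DLL from the drop directory named in the NVD description. Sysmon only emits Event ID 7 when image-load logging is enabled in its configuration, so confirm that before relying on this. The field names (Image, ImageLoaded, Signed, SignatureStatus, User, UtcTime) are the real Sysmon EventData names; the sample events, the executable name iTopVPN.exe, the hostname and the user are constructed for the example, since the advisory names only the directory.

```python
"""Flag DLL loads matching the CVE-2024-53588 hijack pattern in Sysmon EID 7 data.

Added example. Sample records are constructed; iTopVPN.exe, DESKTOP-01 and
the user name are assumptions, not facts from the advisory.
"""
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Drop directory from the NVD description: any drive letter, case-insensitive,
# exactly one DLL file name below vpn6.
HIJACK_DIR_RE = re.compile(
    r"^[a-z]:\\programdata\\itop vpn\\downloader\\vpn6\\[^\\]+\.dll$", re.I
)

# Namespace used by Windows event XML as exported from Sysmon/Event Viewer.
EVENT_NS = "{http://schemas.microsoft.com/win/2004/08/events/event}"


@dataclass(frozen=True)
class ImageLoad:
    utc_time: str
    image: str          # the process that performed the load
    image_loaded: str   # the DLL path that was loaded
    signed: bool
    signature_status: str
    user: str


def parse_sysmon_eid7(xml_text: str) -> list[ImageLoad]:
    """Parse an <Events> document and return only Event ID 7 records."""
    root = ET.fromstring(xml_text)
    loads: list[ImageLoad] = []
    for event in root.iter(f"{EVENT_NS}Event"):
        if event.findtext(f"{EVENT_NS}System/{EVENT_NS}EventID") != "7":
            continue
        data = {d.get("Name"): (d.text or "") for d in event.iter(f"{EVENT_NS}Data")}
        loads.append(ImageLoad(
            utc_time=data.get("UtcTime", ""),
            image=data.get("Image", ""),
            image_loaded=data.get("ImageLoaded", ""),
            signed=data.get("Signed", "false").strip().lower() == "true",
            signature_status=data.get("SignatureStatus", ""),
            user=data.get("User", ""),
        ))
    return loads


def find_hijack_loads(loads: list[ImageLoad]) -> list[tuple[ImageLoad, str]]:
    """Return (record, reason) for loads from the vpn6 drop directory that are
    unsigned or carry a non-Valid signature status. A validly signed DLL from
    the same directory is not flagged here; CM-14 treats the signature as the
    gate, so that case is left for allow-listing (CM-10) to decide."""
    hits: list[tuple[ImageLoad, str]] = []
    for load in loads:
        if not HIJACK_DIR_RE.match(load.image_loaded):
            continue
        if not load.signed:
            hits.append((load, "unsigned DLL loaded from user-writable drop directory"))
        elif load.signature_status != "Valid":
            hits.append((load, f"DLL with signature status '{load.signature_status}' "
                               "loaded from user-writable drop directory"))
    return hits


# Constructed sample: one hijack load, one legitimate System32 load of the same
# DLL name, one validly signed load from the drop directory, one non-EID-7 event.
SAMPLE_EVENTS = r"""<Events xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<Event><System><EventID>7</EventID></System><EventData>
<Data Name="UtcTime">2025-01-23 10:15:02.117</Data>
<Data Name="Image">C:\Program Files\iTop VPN\iTopVPN.exe</Data>
<Data Name="ImageLoaded">C:\ProgramData\iTop VPN\Downloader\vpn6\version.dll</Data>
<Data Name="Signed">false</Data>
<Data Name="SignatureStatus">Unavailable</Data>
<Data Name="User">DESKTOP-01\alice</Data>
</EventData></Event>
<Event><System><EventID>7</EventID></System><EventData>
<Data Name="UtcTime">2025-01-23 10:15:02.120</Data>
<Data Name="Image">C:\Program Files\iTop VPN\iTopVPN.exe</Data>
<Data Name="ImageLoaded">C:\Windows\System32\version.dll</Data>
<Data Name="Signed">true</Data>
<Data Name="SignatureStatus">Valid</Data>
<Data Name="User">DESKTOP-01\alice</Data>
</EventData></Event>
<Event><System><EventID>7</EventID></System><EventData>
<Data Name="UtcTime">2025-01-23 10:15:03.004</Data>
<Data Name="Image">C:\Program Files\iTop VPN\iTopVPN.exe</Data>
<Data Name="ImageLoaded">C:\ProgramData\iTop VPN\Downloader\vpn6\update.dll</Data>
<Data Name="Signed">true</Data>
<Data Name="SignatureStatus">Valid</Data>
<Data Name="User">DESKTOP-01\alice</Data>
</EventData></Event>
<Event><System><EventID>1</EventID></System><EventData>
<Data Name="UtcTime">2025-01-23 10:15:01.990</Data>
<Data Name="Image">C:\Program Files\iTop VPN\iTopVPN.exe</Data>
</EventData></Event>
</Events>"""


if __name__ == "__main__":
    for record, reason in find_hijack_loads(parse_sysmon_eid7(SAMPLE_EVENTS)):
        print(f"{record.utc_time} {record.user} {record.image} -> {record.image_loaded}: {reason}")
```

The regex is anchored to the exact directory from the NVD text on purpose: a broader rule (any unsigned DLL loaded from anywhere under ProgramData) catches more hijacks but also fires on legitimately unsigned updaters, so tune the scope to your estate before deploying it as an alert.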

NVD Description

A DLL hijacking vulnerability in iTop VPN v16.0 allows attackers to execute arbitrary code via placing a crafted DLL file into the path \ProgramData\iTop VPN\Downloader\vpn6.

Deeper analysis

CVE-2024-53588 is a DLL hijacking vulnerability in iTop VPN version 16.0. The application resolves a DLL from \ProgramData\iTop VPN\Downloader\vpn6, and because that directory can be written by local users, an attacker who places a crafted DLL there gets it loaded and executed. It is classified under CWE-427 (Uncontrolled Search Path Element) and received a CVSS v3.1 base score of 7.8 (High), with the vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

A local attacker requires no privileges (PR:N) and faces low attack complexity (AC:L), but user interaction is needed (UI:R): the crafted DLL is only loaded when the iTop VPN component that searches the path runs, for example when the application is launched. On success the attacker's code runs with the privileges of that loading process, giving high impact on confidentiality, integrity, and availability. Whether this amounts to privilege escalation depends on the account under which the loading component runs; the name of the referenced repository points to that outcome, but the NVD description does not state which account performs the load.

The practical pre-condition to verify on a host is the ACL of the vpn6 directory: if standard users or Authenticated Users can create or modify files there, the path is exploitable as described. Details on exploitation and potential mitigations are available in the referenced GitHub repository at https://github.com/JonathanLauener/iTop-privesc, published on 2025-01-23.

Details

CWE(s): CWE-427 Uncontrolled Search Path Element
CVEs Like This One (shared CWE-427)

CVE-2025-24039
CVE-2023-53959
CVE-2025-26631
CVE-2024-48091
CVE-2024-9498
CVE-2026-3775
CVE-2026-7279
CVE-2025-24998
CVE-2024-9497
CVE-2025-65118

References

https://github.com/JonathanLauener/iTop-privesc (exploitation details and mitigations, published 2025-01-23)