Cyber Resilience

CVE-2024-53588

Severity: High
Published: 23 January 2025
Modified: 15 April 2026
KEV Added: not listed (see Summary)
CVSS v3.1 Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0019 (8.7th percentile)
Risk Priority: 55 (floored blend, peak EPSS)

Summary

CVE-2024-53588 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability with a CVSS v3.1 base score of 7.8 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique T1574.001 (DLL). The CVE ranks at the 8.7th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-10 (Software Usage Restrictions) and CM-14 (Signed Components).

Deeper analysis

CVE-2024-53588 is a DLL hijacking vulnerability in iTop VPN version 16.0. It allows an attacker to execute arbitrary code by placing a crafted DLL into the path \ProgramData\iTop VPN\Downloader\vpn6, a location on the application's DLL search path. It is classified under CWE-427 (Uncontrolled Search Path Element) and received a CVSS v3.1 base score of 7.8 (High), with the vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

A local attacker needs no privileges and the attack complexity is low, but user interaction is required, such as launching the iTop VPN application. Successful exploitation yields arbitrary code execution with high impact on confidentiality, integrity, and availability.

Details on exploitation and potential mitigations are available in the referenced GitHub repository at https://github.com/JonathanLauener/iTop-privesc, published on 2025-01-23.

Vulnerability details

A DLL hijacking vulnerability in iTop VPN v16.0 allows attackers to execute arbitrary code via placing a crafted DLL file into the path \ProgramData\iTop VPN\Downloader\vpn6.

CWE(s)

CWE-427: Uncontrolled Search Path Element

Related Threats

MITRE ATT&CK Enterprise Techniques

T1574.001 DLL (Stealth)
Adversaries may abuse dynamic-link library files (DLLs) in order to achieve persistence, escalate privileges, and evade defenses.

Why this technique?

Direct DLL hijacking via an uncontrolled search path (CWE-427) enables arbitrary code execution on application launch.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2023-53959 (shared CWE-427)
CVE-2024-48091 (shared CWE-427)
CVE-2025-24039 (shared CWE-427)
CVE-2025-26631 (shared CWE-427)
CVE-2026-7279 (shared CWE-427)
CVE-2024-9497 (shared CWE-427)
CVE-2026-22619 (shared CWE-427)
CVE-2026-3775 (shared CWE-427)
CVE-2025-65118 (shared CWE-427)
CVE-2020-23438 (shared CWE-427)

Mitigating Controls (NIST 800-53 r5)

prevent: Directly remediates the DLL hijacking flaw in iTop VPN by identifying, reporting, and correcting the uncontrolled search path vulnerability.

prevent: Enforces software whitelisting or blacklisting to prevent execution of attacker-placed malicious DLLs in untrusted paths such as ProgramData.

prevent: Requires digital signatures for software components such as DLLs, blocking loading of unsigned malicious files exploited in this hijacking.

References

https://github.com/JonathanLauener/iTop-privesc (published 2025-01-23)