Cyber Posture

CVE-2024-57426

High

Published: 06 February 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 7.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0011 (28.3th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-57426 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in NetMod VPN Client 5.3.1, which is hosted on SourceForge (the vendor entry "Sourceforge" is inferred from references). Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique DLL Side-Loading (T1574.002). The CVE ranks at the 28.3th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to DLL Side-Loading (T1574.002). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent

Directly remediates the DLL injection flaw by identifying, reporting, and correcting improper validation of dynamically loaded libraries through timely patching.

prevent

Requires digital signatures or cryptographic hashes for software components like DLLs prior to execution, preventing loading of malicious DLLs from insecure directories.

prevent, detect

Employs integrity verification tools to detect unauthorized changes to dynamically loaded libraries, blocking or identifying malicious DLL execution.

MITRE ATT&CK Enterprise Techniques

T1574.002 DLL Side-Loading Stealth
Adversaries may execute their own malicious payloads by side-loading DLLs.
Why these techniques?

CWE-427 lets an attacker place a malicious DLL in the application's load path to achieve arbitrary code execution (DLL side-loading).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

NetMod VPN Client 5.3.1 is vulnerable to DLL injection, allowing an attacker to execute arbitrary code by placing a malicious DLL in a directory where the application loads dependencies. This vulnerability arises due to the improper validation of dynamically loaded libraries.

Deeper analysis

CVE-2024-57426 is a DLL injection vulnerability in NetMod VPN Client version 5.3.1. The issue arises from improper validation of dynamically loaded libraries (CWE-427), enabling an attacker to place a malicious DLL in a directory where the application loads dependencies, resulting in arbitrary code execution.

The vulnerability has a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), indicating it is exploitable over the network with low attack complexity, no required privileges, and no user interaction. An attacker can achieve limited impacts on confidentiality, integrity, and availability through successful exploitation.

Mitigation details are available in the referenced advisories, including the GitHub repository at https://github.com/iamsinghmanish/My-CVEs/tree/main/CVE-2024-57426 and the project page at https://sourceforge.net/projects/netmodhttp/.

Details

CWE(s)

Affected Products

Sourceforge
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2026-23755 (Shared CWE-427)
CVE-2024-9493 (Shared CWE-427)
CVE-2026-5397 (Shared CWE-427)
CVE-2026-2713 (Shared CWE-427)
CVE-2024-57963 (Shared CWE-427)
CVE-2025-21127 (Shared CWE-427)
CVE-2024-57964 (Shared CWE-427)
CVE-2024-9498 (Shared CWE-427)
CVE-2024-55543 (Shared CWE-427)
CVE-2025-54519 (Shared CWE-427)
