Cyber Posture

CVE-2024-9491

High

Published: 24 January 2025

Published
24 January 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS Score 0.0008 22.5th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-9491 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Silabs (inferred from references). Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique DLL Side-Loading (T1574.002); ranked at the 22.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-11 (User-installed Software) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to DLL Side-Loading (T1574.002) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

CM-11 User-installed Software good match
prevent

Directly restricts and validates user-installed software such as the vulnerable Configuration Wizard 2 installer prior to execution, preventing DLL hijacking exploitation.

SI-2 Flaw Remediation good match
prevent

Ensures timely remediation of the specific DLL hijacking flaw in the Silicon Labs Configuration Wizard 2 installer via patching or vendor fixes.

SI-3 Malicious Code Protection good match
preventdetect

Deploys malicious code protection mechanisms to scan for and block the malicious DLL loaded via the uncontrolled search path during installer execution.

MITRE ATT&CK Enterprise TechniquesAI

T1574.002 DLL Side-Loading Stealth
Adversaries may execute their own malicious payloads by side-loading DLLs.
attack.mitre.org →
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

Direct DLL side-loading via uncontrolled search path (CWE-427) in installer enables arbitrary code execution and privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

DLL hijacking vulnerabilities, caused by an uncontrolled search path in Configuration Wizard 2 installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.

Deeper analysisAI

CVE-2024-9491 is a DLL hijacking vulnerability stemming from an uncontrolled search path in the Configuration Wizard 2 installer, associated with Silicon Labs software. This issue, classified under CWE-427, enables privilege escalation and arbitrary code execution when the affected installer is executed. It carries a CVSS v3.1 base score of 8.6 (AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H) and was published on 2025-01-24.

The vulnerability can be exploited by a local attacker with no required privileges who tricks a user into running the impacted installer, such as through social engineering. Successful exploitation allows the attacker to achieve privilege escalation and execute arbitrary code with elevated permissions due to the scope change from user interaction.

Mitigation details are outlined in the Silicon Labs community advisory at https://community.silabs.com/068Vm00000JUQwd.

Details

CWE(s)
CWE-427

Affected Products

Silabs
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2024-55543Shared CWE-427
CVE-2025-54519Shared CWE-427
CVE-2025-0069Shared CWE-427
CVE-2026-25655Shared CWE-427
CVE-2024-55898Shared CWE-427
CVE-2024-55540Shared CWE-427
CVE-2025-57836Shared CWE-427
CVE-2025-69784Shared CWE-427
CVE-2025-21206Shared CWE-427
CVE-2025-48503Shared CWE-427

References