CVE-2024-9492

High

Published: 24 January 2025

Published

24 January 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS Score 0.0008 22.5th percentile

Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-9492 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Silabs (inferred from references). Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique DLL Search Order Hijacking (T1038); ranked at the 22.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-11 (User-installed Software) and CM-14 (Signed Components).

Threat & Defense at a Glance

What attackers do: exploitation maps to DLL Search Order Hijacking (T1038) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly remediates the DLL hijacking flaw in the Flash Programming Utility installer by identifying, reporting, and applying corrections such as vendor-provided patches from the Silicon Labs advisory.

CM-11 User-installed Software good match

prevent

Enforces organizational policies to restrict user installation and execution of unapproved software, preventing the user interaction needed to launch the vulnerable installer.

CM-14 Signed Components good match

prevent

Verifies the authenticity and integrity of software components like DLLs using signed component mechanisms prior to use, blocking malicious unsigned DLLs placed in the installer's search path.

MITRE ATT&CK Enterprise TechniquesAI

T1038 DLL Search Order Hijacking Persistence

Windows systems use a common method to look for required DLLs to load into a program.

attack.mitre.org →

T1574.002 DLL Side-Loading Stealth

Adversaries may execute their own malicious payloads by side-loading DLLs.

attack.mitre.org →

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

Uncontrolled search path enables DLL Search Order Hijacking/Side-Loading for code execution and privilege escalation during installer run.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

DLL hijacking vulnerabilities, caused by an uncontrolled search path in Flash Programming Utility installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.

Deeper analysisAI

CVE-2024-9492 is a DLL hijacking vulnerability stemming from an uncontrolled search path (CWE-427) in the Flash Programming Utility installer from Silicon Labs. Published on January 24, 2025, it carries a CVSS v3.1 base score of 8.6 (AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). The flaw allows malicious DLLs to be loaded and executed during installer execution due to improper directory search precedence.

A local attacker can exploit this vulnerability by placing a malicious DLL in a directory that the installer searches before legitimate paths, tricking a user into running the affected installer. No special privileges are required (PR:N), but user interaction is needed (UI:R), such as launching the utility. Successful exploitation enables privilege escalation and arbitrary code execution with high confidentiality, integrity, and availability impacts, with a changed scope (S:C).

Silicon Labs has issued an advisory on their community forum at https://community.silabs.com/068Vm00000JUQwd, which provides details on the vulnerability and recommended mitigations for affected users.