Cyber Posture

CVE-2024-9495

High

Published: 24 January 2025
Modified: 15 April 2026
CVSS Score: 8.6 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
EPSS Score: 0.0008 (22.5th percentile)
Risk Priority: 17 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-9495 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability affecting Silabs (vendor inferred from references). Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique DLL Search Order Hijacking (T1038). The CVE ranks at the 22.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-10 (Software Usage Restrictions) and CM-11 (User-installed Software).

Threat & Defense at a Glance

What attackers do: exploitation maps to DLL Search Order Hijacking (T1038) and one other technique (T1068, listed below). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

Prevent: Timely flaw remediation ensures the vulnerable CP210x installer is patched, directly eliminating the DLL hijacking vulnerability.

Prevent: Restricting user-installed software to approved sources prevents execution of the vulnerable CP210x installer containing the uncontrolled search path.

Prevent: Software usage restrictions via whitelisting or blacklisting block execution of both the vulnerable installer and any malicious DLLs it loads.

MITRE ATT&CK Enterprise Techniques

T1038 DLL Search Order Hijacking (Persistence): Windows systems use a common method to look for required DLLs to load into a program.

T1068 Exploitation for Privilege Escalation (Privilege Escalation): Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

The CVE directly describes DLL search order hijacking (an uncontrolled search path) in an installer executable, enabling local privilege escalation and arbitrary code execution when a user runs the installer.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

DLL hijacking vulnerabilities, caused by an uncontrolled search path in the CP210x VCP Windows installer, can lead to privilege escalation and arbitrary code execution when running the impacted installer.

Deeper analysis

CVE-2024-9495 is a DLL hijacking vulnerability stemming from an uncontrolled search path (CWE-427) in the CP210x VCP Windows installer provided by Silicon Labs. This flaw affects systems where the installer is executed, allowing malicious DLLs to be loaded instead of legitimate ones due to insecure directory searching behavior. Published on January 24, 2025, it carries a CVSS v3.1 base score of 8.6 (AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H), indicating high severity with potential for significant impact.

A local attacker can exploit this vulnerability without requiring privileges by placing a malicious DLL in a directory that the installer searches prior to secure paths. Exploitation necessitates user interaction, such as convincing a user to run the affected installer executable. Successful exploitation enables privilege escalation and arbitrary code execution with the privileges of the installer process, potentially compromising the entire system.
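As a defender-side illustration of the search-order behaviour described above (an added example, not from this page's source or from Silicon Labs): detection logic over constructed Sysmon Event ID 7 ImageLoad records that flags an installer process loading a system-named or unsigned DLL from outside the Windows system directories. The installer path, DLL names and event values are constructed, and the setup/installer process-name heuristic is an assumption.

```python
"""Flag DLL search-order hijacking against an installer process from Sysmon
Event ID 7 (ImageLoad) records; field names follow Sysmon's ImageLoad schema."""
import ntpath

# Loads from these directories are expected; anything else is examined.
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
# Libraries normally resolved from System32; one of these loaded from
# outside the system directories is the classic hijack indicator.
SYSTEM_DLL_NAMES = {"version.dll", "cryptbase.dll", "dwmapi.dll", "uxtheme.dll"}
# Assumed heuristic for which processes are in scope (setup/installer names).
INSTALLER_TOKENS = ("setup", "install", "cp210x")

def hijack_reasons(event: dict) -> list[str]:
    """Why an ImageLoad event looks like a hijacked load; [] means benign."""
    image = event["Image"].lower()
    if event.get("EventId") != 7 or not any(
            t in ntpath.basename(image) for t in INSTALLER_TOKENS):
        return []
    dll = event["ImageLoaded"].lower()
    dll_dir, dll_name = ntpath.dirname(dll), ntpath.basename(dll)
    if dll_dir.startswith(TRUSTED_DIRS):
        return []
    reasons = []
    if dll_name in SYSTEM_DLL_NAMES:
        reasons.append(f"system library {dll_name} loaded from {dll_dir}")
    if event.get("Signed", "false").lower() != "true":
        reasons.append("module is unsigned")
    # The application directory is searched before System32, so a suspicious
    # DLL beside the installer is exactly the CWE-427 pattern of this CVE.
    if reasons and dll_dir == ntpath.dirname(image):
        reasons.append("located in the installer's own directory")
    return reasons

def scan(events: list[dict]) -> list[dict]:
    """One finding per event that hijack_reasons() flags."""
    return [{"process": e["Image"], "dll": e["ImageLoaded"], "reasons": r}
            for e in events if (r := hijack_reasons(e))]
# Constructed telemetry for the example, not real logs.
INSTALLER = r"C:\Users\alice\Downloads\CP210x_Installer.exe"
SAMPLE_EVENTS = [
    {"EventId": 7, "Image": INSTALLER, "Signed": "true",
     "ImageLoaded": r"C:\Windows\System32\version.dll"},       # benign
    {"EventId": 7, "Image": INSTALLER, "Signed": "false",
     "ImageLoaded": r"C:\Users\alice\Downloads\version.dll"},  # hijack
    {"EventId": 7, "Image": INSTALLER, "Signed": "true",
     "ImageLoaded": r"C:\Users\alice\Downloads\helper.dll"},   # shipped DLL
    {"EventId": 7, "Image": r"C:\Windows\explorer.exe", "Signed": "false",
     "ImageLoaded": r"C:\Users\alice\Downloads\version.dll"},  # out of scope
]
```

Running scan(SAMPLE_EVENTS) yields a single finding: the unsigned version.dll loaded from the installer's own Downloads directory, with three reasons attached.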

Silicon Labs has issued an advisory detailing the vulnerability at https://community.silabs.com/068Vm00000JUQwd, which security practitioners should consult for specific patch information, updated installers, and recommended mitigations.

Details

CWE(s)

CWE-427 Uncontrolled Search Path Element

Affected Products

Silabs (inferred from references and description; NVD did not file a CPE for this CVE)

CVEs Like This One

CVE-2026-3775 (shared CWE-427)
CVE-2026-7279 (shared CWE-427)
CVE-2024-9497 (shared CWE-427)
CVE-2025-65118 (shared CWE-427)
CVE-2024-9499 (shared CWE-427)
CVE-2024-9494 (shared CWE-427)
CVE-2026-24502 (shared CWE-427)
CVE-2026-3091 (shared CWE-427)
CVE-2025-33229 (shared CWE-427)
CVE-2026-21420 (shared CWE-427)

References