Cyber Resilience

CVE-2024-9495

High

Published: 24 January 2025
Modified: 15 April 2026
KEV Added: not listed
Patch: see vendor advisory
CVSS Score: v3.1 8.6 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
EPSS Score: 0.0019 (8.6th percentile)
Risk Priority: 55 (floored blend, peak EPSS)

Summary

CVE-2024-9495 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in a Silicon Labs (Silabs) product; the vendor is inferred from the references. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Hijack Execution Flow: DLL (T1574.001). The CVE is ranked at the 8.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-10 (Software Usage Restrictions) and CM-11 (User-installed Software).

Deeper analysis

CVE-2024-9495 is a DLL hijacking vulnerability stemming from an uncontrolled search path (CWE-427) in the CP210x VCP Windows installer provided by Silicon Labs. This flaw affects systems where the installer is executed, allowing malicious DLLs to be loaded instead of legitimate ones due to insecure directory searching behavior. Published on January 24, 2025, it carries a CVSS v3.1 base score of 8.6 (AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H), indicating high severity with potential for significant impact.

A local attacker can exploit this vulnerability without requiring privileges by placing a malicious DLL in a directory that the installer searches prior to secure paths. Exploitation necessitates user interaction, such as convincing a user to run the affected installer executable. Successful exploitation enables privilege escalation and arbitrary code execution with the privileges of the installer process, potentially compromising the entire system.
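To make the search-path behaviour behind this class of flaw concrete, here is an added example (not Silicon Labs' code, and not the installer's actual import list) that models the documented default Windows DLL search order and reports which imports of an executable a standard user could redirect when the executable is run from a user-writable directory; directory listings, the user name and the DLL names are constructed, and the hardened order stands in for an executable that restricts loading to System32.

```python
"""Model of the default Windows DLL search order (SafeDllSearchMode on), used to
audit which imports of an executable an unprivileged local user could redirect
(CWE-427). Directory listings, user name and DLL names are constructed; the model
ignores KnownDLLs and modules already loaded in the process."""
from typing import Dict, List, Optional, Tuple

SYSTEM_DIRS = [r"C:\Windows\System32", r"C:\Windows\System", r"C:\Windows"]

# Constructed listings: the installer sits in a standard user's Downloads folder.
CONTENTS: Dict[str, List[str]] = {
    r"C:\Windows\System32": ["version.dll", "dbghelp.dll"],
    r"C:\Users\alice\Downloads": ["CP210x_installer.exe"],
    r"C:\Tools": [],
}
# Directories a standard (non-admin) user can write to in this constructed host.
WRITABLE = {r"C:\Users\alice\Downloads", r"C:\Tools"}


def default_order(app_dir: str, cwd: str, path_dirs: List[str]) -> List[str]:
    """Documented default order: application directory, system directories,
    current working directory, then each PATH entry."""
    return [app_dir] + SYSTEM_DIRS + [cwd] + path_dirs


def system32_only() -> List[str]:
    """Order for a process hardened with SetDefaultDllDirectories(LOAD_LIBRARY_SEARCH_SYSTEM32)."""
    return [SYSTEM_DIRS[0]]


def _has(directory: str, dll: str) -> bool:
    return dll.lower() in (f.lower() for f in CONTENTS.get(directory, []))


def audit(order: List[str], imports: List[str], writable=WRITABLE) -> List[Tuple[str, Optional[str], bool]]:
    """Return (dll, directory it loads from or None, hijackable) for each import.
    A load is hijackable when a user-writable directory is searched at or before
    the directory that supplies the DLL, because a same-named file planted there
    would win the search; an import found nowhere is hijackable if any searched
    directory is writable."""
    findings = []
    for dll in imports:
        loaded = next((d for d in order if _has(d, dll)), None)
        searched = order if loaded is None else order[: order.index(loaded) + 1]
        findings.append((dll, loaded, any(d in writable for d in searched)))
    return findings


if __name__ == "__main__":
    imports = ["version.dll", "dbghelp.dll"]
    risky = default_order(r"C:\Users\alice\Downloads", r"C:\Tools", [r"C:\Windows\System32"])
    print("default order:", audit(risky, imports))      # every import flagged hijackable
    print("hardened order:", audit(system32_only(), imports))  # nothing flagged
```

The takeaway for defenders is that the flagged rows disappear only when the writable directories stop being searched before the trusted copy, which is what a fixed installer (or a copy run from a directory standard users cannot write to) achieves.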

Silicon Labs has issued an advisory detailing the vulnerability at https://community.silabs.com/068Vm00000JUQwd, which security practitioners should consult for specific patch information, updated installers, and recommended mitigations.

Vulnerability details

DLL hijacking vulnerabilities, caused by an uncontrolled search path in the CP210x VCP Windows installer, can lead to privilege escalation and arbitrary code execution when running the impacted installer.

CWE(s)

CWE-427: Uncontrolled Search Path Element

Related Threats

MITRE ATT&CK Enterprise Techniques

T1574.001 Hijack Execution Flow: DLL
Adversaries may abuse dynamic-link library files (DLLs) in order to achieve persistence, escalate privileges, and evade defenses.

T1068 Exploitation for Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The CVE directly describes DLL search order hijacking (an uncontrolled search path) in an installer executable, enabling local privilege escalation and arbitrary code execution when a user runs the installer.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-7279 (shared CWE-427)
CVE-2024-9497 (shared CWE-427)
CVE-2026-3775 (shared CWE-427)
CVE-2025-65118 (shared CWE-427)
CVE-2024-9494 (shared CWE-427)
CVE-2024-9499 (shared CWE-427)
CVE-2023-31361 (shared CWE-427)
CVE-2026-24502 (shared CWE-427)
CVE-2024-9492 (shared CWE-427)
CVE-2025-33229 (shared CWE-427)

Affected Assets

Silabs (inferred from the references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent): Timely flaw remediation ensures the vulnerable CP210x installer is patched, directly eliminating the DLL hijacking vulnerability.

CM-11 User-installed Software (prevent): Restricting user-installed software to approved sources prevents execution of the vulnerable CP210x installer containing the uncontrolled search path.

CM-10 Software Usage Restrictions (prevent): Software usage restrictions via whitelisting or blacklisting block execution of both the vulnerable installer and any malicious DLLs it loads.

References

Silicon Labs advisory: https://community.silabs.com/068Vm00000JUQwd