Cyber Resilience

CVE-2024-9496

High

Published: 24 January 2025

Published
24 January 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS Score 0.0024 15.1th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2024-9496 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Silabs (inferred from references). Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique DLL (T1574.001); ranked at the 15.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-11 (User-installed Software) and CM-14 (Signed Components).

Deeper analysis

CVE-2024-9496 is a DLL hijacking vulnerability (CWE-427: Uncontrolled Search Path Element) affecting the USBXpress Dev Kit installer. The issue arises from an uncontrolled search path during installation, which can enable privilege escalation and arbitrary code execution when the impacted installer is executed. It carries a CVSS v3.1 base score of 8.6 (AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H) and was published on 2025-01-24.

A local attacker requires no privileges (PR:N) but needs low-complexity conditions (AC:L) and user interaction (UI:R), such as convincing a user to run the installer. Successful exploitation allows arbitrary code execution with a scope change (S:C), resulting in high impacts to confidentiality, integrity, and availability.

Mitigation details are available in the Silicon Labs community advisory at https://community.silabs.com/068Vm00000JUQwd.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1574.001 DLL Stealth
Adversaries may abuse dynamic-link library files (DLLs) in order to achieve persistence, escalate privileges, and evade defenses.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

CVE directly describes DLL hijacking (uncontrolled search path) enabling arbitrary code execution and privilege escalation on installer run.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-29223Shared CWE-427
CVE-2025-48503Shared CWE-427
CVE-2022-28339Shared CWE-427
CVE-2025-69784Shared CWE-427
CVE-2024-55540Shared CWE-427
CVE-2024-9490Shared CWE-427
CVE-2025-0069Shared CWE-427
CVE-2025-57836Shared CWE-427
CVE-2025-21206Shared CWE-427
CVE-2026-25656Shared CWE-427

Affected Assets

Silabs
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely remediation of the DLL hijacking flaw in the USBXpress Dev Kit installer to prevent exploitation.

preventdetect

Restricts, approves, scans, and monitors user-installed software like the vulnerable USBXpress installer to block or identify malicious installations.

prevent

Mandates cryptographic verification of signatures for software components, preventing execution of unsigned malicious DLLs hijacked via uncontrolled search paths.

References