Cyber Posture

CVE-2024-9497

High

Published: 24 January 2025

Published
24 January 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS Score 0.0001 1.0th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-9497 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Silabs (inferred from references). Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique DLL Search Order Hijacking (T1038); ranked at the 1.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-10 (Software Usage Restrictions) and CM-11 (User-installed Software).

Threat & Defense at a Glance

What attackers do: exploitation maps to DLL Search Order Hijacking (T1038) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

CM-11 User-installed Software good match
prevent

Prohibits user installation and execution of unapproved software like the vulnerable USBXpress SDK installer, eliminating the required user interaction for DLL hijacking exploitation.

SI-2 Flaw Remediation good match
prevent

Requires timely identification, reporting, and correction of flaws such as CVE-2024-9497 in the USBXpress installer to prevent privilege escalation via DLL hijacking.

CM-10 Software Usage Restrictions good match
prevent

Enforces deny-all, permit-by-exception policies for software execution, blocking the vulnerable installer and potentially malicious DLLs from running.

MITRE ATT&CK Enterprise TechniquesAI

T1038 DLL Search Order Hijacking Persistence
Windows systems use a common method to look for required DLLs to load into a program.
attack.mitre.org →
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

Direct DLL search order hijacking (CWE-427) in installer enables T1038; results in local privilege escalation and code execution via malicious DLL placement.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress 4 SDK installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.

Deeper analysisAI

CVE-2024-9497 is a DLL hijacking vulnerability stemming from an uncontrolled search path in the USBXpress 4 SDK installer from Silicon Labs. This issue, classified under CWE-427, affects systems where the impacted installer is executed and carries a CVSS v3.1 base score of 8.6 (AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

A local attacker can exploit this vulnerability by placing a malicious DLL in a directory prioritized by the installer's search path ahead of secure locations. Exploitation requires user interaction to run the installer, enabling privilege escalation and arbitrary code execution with high impacts on confidentiality, integrity, and availability, along with a change in scope.

Silicon Labs has published details on this vulnerability in their community advisory at https://community.silabs.com/068Vm00000JUQwd.

Details

CWE(s)
CWE-427

Affected Products

Silabs
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2026-3775Shared CWE-427
CVE-2026-7279Shared CWE-427
CVE-2025-65118Shared CWE-427
CVE-2024-9499Shared CWE-427
CVE-2024-9494Shared CWE-427
CVE-2026-24502Shared CWE-427
CVE-2024-9495Shared CWE-427
CVE-2026-3091Shared CWE-427
CVE-2025-33229Shared CWE-427
CVE-2026-21420Shared CWE-427

References