Cyber Resilience

CVE-2024-9497

High

Published: 24 January 2025

Published
24 January 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS Score 0.0024 15.1th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2024-9497 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Silabs (inferred from references). Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique DLL (T1574.001); ranked at the 15.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-10 (Software Usage Restrictions) and CM-11 (User-installed Software).

Deeper analysis

CVE-2024-9497 is a DLL hijacking vulnerability stemming from an uncontrolled search path in the USBXpress 4 SDK installer from Silicon Labs. This issue, classified under CWE-427, affects systems where the impacted installer is executed and carries a CVSS v3.1 base score of 8.6 (AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

A local attacker can exploit this vulnerability by placing a malicious DLL in a directory prioritized by the installer's search path ahead of secure locations. Exploitation requires user interaction to run the installer, enabling privilege escalation and arbitrary code execution with high impacts on confidentiality, integrity, and availability, along with a change in scope.

Silicon Labs has published details on this vulnerability in their community advisory at https://community.silabs.com/068Vm00000JUQwd.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress 4 SDK installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1574.001 DLL Stealth
Adversaries may abuse dynamic-link library files (DLLs) in order to achieve persistence, escalate privileges, and evade defenses.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Direct DLL search order hijacking (CWE-427) in installer enables T1038; results in local privilege escalation and code execution via malicious DLL placement.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-7279Shared CWE-427
CVE-2026-3775Shared CWE-427
CVE-2025-65118Shared CWE-427
CVE-2024-9494Shared CWE-427
CVE-2024-9499Shared CWE-427
CVE-2023-31361Shared CWE-427
CVE-2024-9495Shared CWE-427
CVE-2026-24502Shared CWE-427
CVE-2024-9492Shared CWE-427
CVE-2025-33229Shared CWE-427

Affected Assets

Silabs
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Prohibits user installation and execution of unapproved software like the vulnerable USBXpress SDK installer, eliminating the required user interaction for DLL hijacking exploitation.

prevent

Requires timely identification, reporting, and correction of flaws such as CVE-2024-9497 in the USBXpress installer to prevent privilege escalation via DLL hijacking.

prevent

Enforces deny-all, permit-by-exception policies for software execution, blocking the vulnerable installer and potentially malicious DLLs from running.

References