Cyber Posture

CVE-2024-9498

High

Published: 24 January 2025

Published
24 January 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS Score 0.0001 2.5th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-9498 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Silabs (inferred from references). Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique DLL Search Order Hijacking (T1038); ranked at the 2.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-11 (User-installed Software) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to DLL Search Order Hijacking (T1038) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Timely flaw remediation through patching the USBXpress SDK installer directly eliminates the uncontrolled search path vulnerability as advised by Silicon Labs.

CM-11 User-installed Software good match
prevent

Restricts user-installed software to approved executables only, preventing execution of the vulnerable USBXpress SDK installer.

SI-3 Malicious Code Protection partial match
preventdetect

Malicious code protection scans and blocks the attacker's malicious DLL placed in the installer's search path directories.

MITRE ATT&CK Enterprise TechniquesAI

T1038 DLL Search Order Hijacking Persistence
Windows systems use a common method to look for required DLLs to load into a program.
attack.mitre.org →
T1574.002 DLL Side-Loading Stealth
Adversaries may execute their own malicious payloads by side-loading DLLs.
attack.mitre.org →
Why these techniques?

Direct DLL hijacking via uncontrolled search path (CWE-427) in installer enables search order hijacking and side-loading for code execution/priv esc.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress SDK installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.

Deeper analysisAI

CVE-2024-9498 is a DLL hijacking vulnerability (CWE-427) caused by an uncontrolled search path in the USBXpress SDK installer from Silicon Labs. Published on 2025-01-24, it affects users running the impacted installer and carries a CVSS v3.1 base score of 8.6 (AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

A local attacker with no required privileges can exploit this vulnerability by placing a malicious DLL in a directory included in the installer's search path and inducing a user to execute the installer. This requires user interaction but low complexity, enabling privilege escalation and arbitrary code execution upon DLL loading, with high impacts across confidentiality, integrity, availability, and a change in scope.

Silicon Labs has issued an advisory with further details at https://community.silabs.com/068Vm00000JUQwd, which security practitioners should consult for mitigation guidance and patch information.

Details

CWE(s)
CWE-427

Affected Products

Silabs
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2026-22619Shared CWE-427
CVE-2026-3091Shared CWE-427
CVE-2025-33229Shared CWE-427
CVE-2026-21420Shared CWE-427
CVE-2025-52541Shared CWE-427
CVE-2024-9492Shared CWE-427
CVE-2026-23755Shared CWE-427
CVE-2024-9493Shared CWE-427
CVE-2026-5397Shared CWE-427
CVE-2026-2713Shared CWE-427

References