Cyber Resilience

CVE-2024-9499

High

Published: 24 January 2025

Published
24 January 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS Score 0.0024 15.1th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2024-9499 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Silabs (inferred from references). Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique DLL (T1574.001); ranked at the 15.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-10 (Software Usage Restrictions) and CM-11 (User-installed Software).

Deeper analysis

CVE-2024-9499 is a DLL hijacking vulnerability caused by an uncontrolled search path in the USBXpress Win 98SE Dev Kit installer. This issue, classified under CWE-427, affects the installer for this development kit from Silicon Labs and can lead to privilege escalation and arbitrary code execution when the impacted installer is executed. The vulnerability has a CVSS v3.1 base score of 8.6 (AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H), highlighting its high severity due to the potential for significant impact with low attack complexity.

A local attacker can exploit this vulnerability by placing a malicious DLL in a directory included in the installer's search path, which is searched before secure locations. Exploitation requires no special privileges (PR:N) but depends on user interaction (UI:R), such as a victim running the installer. Upon success, the attacker achieves privilege escalation and arbitrary code execution with high scope change, compromising confidentiality, integrity, and availability.

Silicon Labs has published details on this vulnerability in their community advisory at https://community.silabs.com/068Vm00000JUQwd, which security practitioners should consult for recommended mitigations and patches.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Win 98SE Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1574.001 DLL Stealth
Adversaries may abuse dynamic-link library files (DLLs) in order to achieve persistence, escalate privileges, and evade defenses.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Direct DLL Search Order Hijacking via uncontrolled search path in installer enables local privilege escalation and arbitrary code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-7279Shared CWE-427
CVE-2024-9497Shared CWE-427
CVE-2026-3775Shared CWE-427
CVE-2025-65118Shared CWE-427
CVE-2024-9494Shared CWE-427
CVE-2023-31361Shared CWE-427
CVE-2024-9495Shared CWE-427
CVE-2026-24502Shared CWE-427
CVE-2024-9492Shared CWE-427
CVE-2025-33229Shared CWE-427

Affected Assets

Silabs
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Restricts and approves user-installed software, preventing execution of vulnerable installers like the USBXpress Win 98SE Dev Kit that suffer from DLL hijacking.

prevent

Requires digital signatures for software components such as DLLs prior to installation and execution, blocking malicious unsigned DLLs loaded via uncontrolled search paths.

prevent

Implements deny-all, permit-by-exception policies for software execution, preventing the vulnerable installer and any malicious DLLs from running.

References