CVE-2024-9495

CVE-2024-9495 is a DLL hijacking vulnerability stemming from an uncontrolled search path (CWE-427) in the CP210x VCP Windows installer provided by Silicon Labs. This flaw affects systems where the installer is executed, allowing malicious DLLs to be loaded instead of legitimate ones due to insecure directory searching behavior. Published on January 24, 2025, it carries a CVSS v3.1 base score of 8.6 (AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H), indicating high severity with potential for significant impact.

A local attacker can exploit this vulnerability without requiring privileges by placing a malicious DLL in a directory that the installer searches prior to secure paths. Exploitation necessitates user interaction, such as convincing a user to run the affected installer executable. Successful exploitation enables privilege escalation and arbitrary code execution with the privileges of the installer process, potentially compromising the entire system.

Silicon Labs has issued an advisory detailing the vulnerability at https://community.silabs.com/068Vm00000JUQwd, which security practitioners should consult for specific patch information, updated installers, and recommended mitigations.