CVE-2024-9495 HIGH

CVE-2024-9495: Uncontrolled search path can lead to DLL hijacking in CP210x VCP Windows installer

Vendor Silabs.com
Product CP210x VCP Windows
Weakness CWE-427
Published January 24, 2025
Last update January 27, 2025

CVSS base score

8.6/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

DLL hijacking vulnerabilities, caused by an uncontrolled search path in the CP210x VCP Windows installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.

Key dates

02Disclosure timeline

January 24, 2025 CVE published
January 27, 2025 Record updated