CVE-2024-25376

HIGH

Thesycon Software Solutions Gmbh & Co. KG TUSBAudio <5.68.0 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-25376. PoCs published by ewilded.

AI-analyzed exploit summary This is a functional local privilege escalation (LPE) exploit for CVE-2024-25376, targeting a race condition in TUSBAudio driver installers (versions after 5.40.0 and before 5.68.0). The exploit monitors the Temp directory for a specific installer-created subdirectory, then deploys a malicious DLL to hijack the DLL search order during installation.

Description

An issue discovered in Thesycon Software Solutions Gmbh & Co. KG TUSBAudio MSI-based installers before 5.68.0 allows a local attacker to execute arbitrary code via the msiexec.exe repair mode.

Exploits (1)

nomisec WORKING POC 2 stars
by ewilded · poc
https://github.com/ewilded/CVE-2024-25376-POC

This is a functional local privilege escalation (LPE) exploit for CVE-2024-25376, targeting a race condition in TUSBAudio driver installers (versions after 5.40.0 and before 5.68.0). The exploit monitors the Temp directory for a specific installer-created subdirectory, then deploys a malicious DLL to hijack the DLL search order during installation.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Racy
Target: TUSBAudio driver installers (v5.40.0 < version < v5.68.0)
Auth required
Prerequisites: Local access to the target system · TUSBAudio installer MSI file · Ability to execute the exploit binary
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v3 7.8
EPSS 0.0038
EPSS Percentile 29.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-94
Status published
Products (1)
thesycon/tusbaudio < 5.68.0
Published Apr 11, 2024
Tracked Since Feb 18, 2026