DLL Hijacking Vulnerability in OpenOrange Business Framework by OpenOrange
CVE-2024-42048

6.5MEDIUM

Key Information:

Vendor: OpenOrange
Status: OpenOrange Business Framework
Vendor: CVE Published:; 7 August 2025

What is CVE-2024-42048?

The OpenOrange Business Framework version 1.15.5 presents a security flaw that gives unprivileged users unauthorized write access to the installation directory. This vulnerability can potentially be exploited to achieve arbitrary code execution and escalate privileges. Attackers leveraging this weakness could manipulate dynamic link libraries (DLLs), allowing for malicious code execution during the loading process. To mitigate such risks, it is crucial for users and administrators to follow best practices regarding file and directory permissions, and to regularly update to the latest secure versions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://docs.microsoft.com/en-us/windows/win32/dlls/dynam...

https://support.microsoft.com/en-us/topic/secure-loading-...

https://resources.infosecinstitute.com/topic/dll-hijacking

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 7, 2025
Vulnerability Reserved
Jul 28, 2024

JSON

OpenOrange

What is CVE-2024-42048?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.