What happened

CISA added CVE-2022-23748 (Audinate Dante Discovery) to the Known Exploited Vulnerabilities catalog on 2025-02-06, with a remediation due date of 2025-02-27 CISA KEV. The entry describes a process control flaw in mDNSResponder.exe that enables a DLL sideloading attack, allowing local arbitrary code execution in the Dante Application Library context CISA KEV. CVE-2022-23748 is tracked by NIST and MITRE with CWE-114 classification (Process Control / DLL search path) NVD MITRE CVE.

Why it matters

Inclusion in the CISA KEV catalog signals observed exploitation in the wild and triggers a binding remediation requirement for covered organizations, with a specified due date for mitigation CISA KEV. The weakness is categorized as CWE-114, where an application fails to control the search path for external libraries, enabling loading of an attacker-controlled DLL and arbitrary code execution NVD MITRE CVE. The KEV description notes the vulnerable component is mDNSResponder.exe within Audinate Dante Discovery, and the attack scenario is explicitly DLL sideloading by a local adversary CISA KEV. That combination—trusted binary plus local DLL hijack—maps directly to the CWE-114 risk model and results in attacker code executing under the target process NVD.

Technical detail

CVE-2022-23748 affects Audinate Dante Discovery, specifically the mDNSResponder.exe component referenced in the KEV entry CISA KEV. The vulnerability is a process control flaw (CWE-114) where the executable can be coerced into loading a malicious library via DLL search order/sideloading, enabling local arbitrary code execution NVD MITRE CVE. The CISA synopsis states a local attacker can leverage the flaw in the Dante Application Library to execute arbitrary code, aligning with the CWE-114 impact when a binary resolves libraries from attacker-influenced locations CISA KEV NVD.

Key characteristics from the public records:

• Vulnerability type: Process Control / DLL search path hijacking (CWE-114) NVD MITRE CVE.
• Attack precondition: Local attacker (not remote-only) NVD.
• Impact: Arbitrary code execution when the trusted binary loads attacker-controlled DLL content NVD.
• Affected component reference: mDNSResponder.exe in Dante Discovery per KEV write-up CISA KEV.

The public CVE entries do not enumerate version granularity in the supplied sources; organizations should treat any Dante Discovery installs as potentially in scope until vendor-specific mitigations or version guidance are applied NVD CISA KEV.

Defense

CISA’s required action is explicit: apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable, with a due date of 2025-02-27 for remediation CISA KEV. Track the official CVE record and NVD entry for updates, including any changes to affected components or mitigation notes as they are published MITRE CVE NVD. Given KEV status, prioritize validation and remediation workflows accordingly and confirm that the vulnerable mDNSResponder.exe path is governed by current guidance from the vendor before returning assets to production CISA KEV.

Lyrie Verdict

This is a known-exploited DLL sideloading (CWE-114) route tied to a trusted binary, now formally flagged by CISA KEV for urgent action CISA KEV NVD. Local side-loads happen at process start and complete faster than human response windows; detection and interdiction must occur at machine speed. Lyrie prioritizes KEV-listed sideloading surfaces for autonomous policy enforcement and continuous watch, ensuring any execution context involving mDNSResponder.exe is scrutinized for library load integrity while mitigation is applied CISA KEV MITRE CVE.