CVE-2025-24914
📋 TL;DR
This vulnerability allows local privilege escalation on Windows systems where Nessus is installed to a non-default location. Attackers could exploit insecure directory permissions to gain elevated privileges. It only affects Nessus installations on Windows with custom installation paths.
💻 Affected Systems
- Tenable Nessus
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Local attacker gains SYSTEM/administrator privileges on the Windows host, enabling complete system compromise, data theft, and persistence.
Likely Case
Local user with limited privileges escalates to administrator to install malware, access sensitive data, or modify system configurations.
If Mitigated
No impact if Nessus is installed to the default location or proper directory permissions are enforced.
🎯 Exploit Status
Requires local access to the Windows system and knowledge of the non-default installation path.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 10.8.4
Vendor Advisory: https://www.tenable.com/security/tns-2025-05
Restart Required: Yes
Instructions:
1. Download Nessus 10.8.4 or later from Tenable website.
2. Run the installer as administrator.
3. Follow installation prompts.
4. Restart the system after installation completes.
🔧 Temporary Workarounds
Secure directory permissions manually
Windows: Manually set proper permissions on Nessus installation directory to prevent unauthorized access.
icacls "C:\Path\To\Nessus" /inheritance:r /grant:r "SYSTEM:(OI)(CI)F" "Administrators:(OI)(CI)F" "Users:(OI)(CI)RX"
Reinstall to default location
Windows: Uninstall Nessus from non-default location and reinstall to default C:\Program Files\Tenable\Nessus
🧯 If You Can't Patch
- Audit and secure permissions on all non-default Nessus installation directories
- Restrict local access to systems with vulnerable Nessus installations
🔍 How to Verify
Check if Vulnerable:
Check the Nessus version via the web interface (Settings > About) or the command line: "C:\Program Files\Tenable\Nessus\nessuscli.exe" --version. If the version is earlier than 10.8.4 AND Nessus is installed to a non-default location, the system is vulnerable.
Check Version:
"C:\Program Files\Tenable\Nessus\nessuscli.exe" --version
Verify Fix Applied:
Verify version is 10.8.4 or later and check directory permissions on installation folder using: icacls "installation_path"
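One way to script the directory permission check described above, as an added example (not code from Tenable or from the original page). The default path is a placeholder for the real installation directory, and the function name Get-RiskyAce is hypothetical.

```powershell
# Added example, not Tenable code. Lists write-capable ACEs held by principals
# other than SYSTEM, Administrators and TrustedInstaller.
param(
    # Assumption: placeholder path; pass the real non-default install directory.
    [string]$InstallPath = 'C:\Path\To\Nessus'
)

function Get-RiskyAce {
    param([Parameter(Mandatory)][string]$Path)

    $trusted = @(
        'S-1-5-18',      # NT AUTHORITY\SYSTEM
        'S-1-5-32-544',  # BUILTIN\Administrators
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
    )
    # Rights that allow planting or replacing files, or rewriting the ACL.
    $rights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    # ACEs may carry raw generic bits; add GENERIC_WRITE and GENERIC_ALL.
    $mask = [int]$rights -bor 0x40000000 -bor 0x10000000

    $sidType = [System.Security.Principal.SecurityIdentifier]
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($trusted -contains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $mask) -eq 0) { continue }
        # Resolve the SID to a name when possible; keep the SID otherwise.
        $name = try {
            $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value
        } catch { $ace.IdentityReference.Value }
        [pscustomobject]@{
            Path      = $Path
            Principal = $name
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

# Audit the root and every subdirectory, since a child can override inheritance.
$dirs = @($InstallPath) + @(Get-ChildItem -LiteralPath $InstallPath -Directory -Recurse |
    ForEach-Object FullName)
$findings = @($dirs | ForEach-Object { Get-RiskyAce -Path $_ })
$findings | Format-Table -AutoSize
if ($findings.Count -gt 0) { Write-Warning "$($findings.Count) write-capable ACE(s) for non-admin principals" }
```

A directory secured with the icacls workaround above produces no findings, because Users hold only read and execute rights. Every other principal with write-capable rights is listed for review, including inherited CREATOR OWNER entries.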
📡 Detection & Monitoring
Log Indicators:
- Windows Security logs showing unexpected privilege escalation
- Nessus service logs showing access from unexpected users
Network Indicators:
- None - this is a local vulnerability
SIEM Query:
EventID=4672 AND ProcessName LIKE '%nessus%' AND SubjectUserName != 'SYSTEM' AND SubjectUserName != 'Administrator'