CVE-2025-24914

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-24914
When installing Nessus to a non-default location on a Windows host, Nessus versions prior to 10.8.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. - CVE-2025-24914

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.tenable.com/security/tns-2025-05
Configurations

No configuration.

History

15 Apr 2026, 00:35

Type Values Removed Values Added
Summary
  • (es) Al instalar Nessus en una ubicación no predeterminada en un host Windows, las versiones de Nessus anteriores a la 10.8.4 no aplicaban permisos seguros a los subdirectorios. Esto podía permitir la escalada de privilegios locales si los usuarios no habían protegido los directorios en la ubicación de instalación no predeterminada. - CVE-2025-24914

18 Apr 2025, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-04-18 19:15

Updated : 2026-04-15 00:35

NVD link : CVE-2025-24914

Mitre link : CVE-2025-24914

CVE.ORG link : CVE-2025-24914

JSON object : View

Products Affected

No product.

CWE
CWE-276

Incorrect Default Permissions