First published: Fri Mar 21 2025(Updated: )
When installing Nessus Agent to a non-default location on a Windows host, Nessus Agent versions prior to 10.8.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location.
Credit: vulnreport@tenable.com
Affected Software | Affected Version | How to fix |
---|---|---|
Nessus | <10.8.3 |
Tenable has released Nessus Agent 10.8.3 to address these issues. The installation files can be obtained from the Tenable Downloads Portal ( https://www.tenable.com/downloads/nessus-agents ).
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2025-24915 is classified as a high severity vulnerability due to its potential for local privilege escalation.
To fix CVE-2025-24915, upgrade to Nessus Agent version 10.8.3 or later to ensure secure permissions are enforced.
CVE-2025-24915 affects Nessus Agent versions prior to 10.8.3 installed in non-default locations on Windows hosts.
Yes, CVE-2025-24915 can allow local users to escalate privileges if the installation directory permissions are not secured.
To secure against CVE-2025-24915, ensure that the sub-directories of the Nessus Agent installation have proper permissions set.