CVE-2025-24914: CWE-276 Incorrect Default Permissions in Tenable Nessus
When installing Nessus to a non-default location on a Windows host, Nessus versions prior to 10.8.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. - CVE-2025-24914
AI Analysis
Technical Summary
CVE-2025-24914 is a vulnerability classified under CWE-276 (Incorrect Default Permissions) affecting Tenable Nessus on Windows platforms when installed to non-default directories. Nessus versions prior to 10.8.4 fail to enforce secure permissions on sub-directories within these custom installation locations. This misconfiguration can allow local users with limited privileges to gain elevated privileges by modifying files or directories that should be protected. Exploitation requires local access, has low attack complexity, and does not require user interaction. The CVSS v3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) indicates that an attacker with some privileges can escalate to higher privileges, potentially compromising confidentiality, integrity, and availability of the Nessus installation and possibly the host system. While no public exploits are known, the vulnerability poses a significant risk in environments where Nessus is installed outside default paths without proper permission hardening. The CVE was reserved in January 2025 and published in April 2025, with Tenable addressing it in version 10.8.4. The vulnerability highlights the importance of secure installation practices and permission management on Windows systems, especially for security tools like Nessus that operate with elevated privileges.
Potential Impact
The vulnerability allows local users with limited privileges to escalate their rights on Windows hosts running Nessus installed in non-default locations. This can lead to unauthorized access to sensitive scanning data, manipulation or disabling of Nessus functionality, and potential execution of arbitrary code with elevated privileges. The compromise of Nessus could undermine an organization's vulnerability management program, exposing other systems to undetected threats. Given Nessus's role in security posture assessment, attackers gaining control over it could hide their presence or disable detection capabilities. The impact extends to confidentiality, integrity, and availability of the affected systems. Organizations relying on Nessus for compliance and security monitoring may face increased risk of internal threats or lateral movement by attackers exploiting this vulnerability.
Mitigation Recommendations
Organizations should immediately verify the installation paths of Nessus on Windows hosts and ensure that directory permissions on non-default installation locations are securely configured, restricting write and modify access to authorized administrators only. Upgrading Nessus to version 10.8.4 or later is strongly recommended, as this version enforces correct permissions automatically. For existing installations, administrators should manually audit and correct ACLs on all Nessus sub-directories in custom paths. Employing Windows security tools such as ICACLS can help script and automate permission corrections. Additionally, restrict local user privileges to the minimum necessary and monitor for unusual privilege escalation attempts. Regularly review Nessus logs and system event logs for suspicious activity. Implementing application whitelisting and endpoint detection can further reduce risk. Finally, document and enforce secure installation guidelines to prevent recurrence of insecure permissions in future deployments.
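The ACL audit recommended above can be scripted. The following PowerShell is an added example, not Tenable's code or part of the original analysis. It reports every directory under a custom install path where a principal other than SYSTEM, Administrators or TrustedInstaller holds write-class rights. The `-InstallPath` parameter, the `Get-WeakAce` helper and the trusted-principal list are assumptions to adapt per host (for example, add a dedicated service account SID if one is in use).

```powershell
# Added example: audit directory ACLs under a non-default Nessus install path.
param(
    # Hypothetical parameter: pass the actual custom install location.
    [Parameter(Mandatory)][string]$InstallPath
)

# Assumption: only these well-known SIDs should hold write-class rights.
$trusted = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that let a principal alter content or the ACL itself. Modify and
# FullControl contain these bits; GENERIC_WRITE / GENERIC_ALL are added raw.
$R = [System.Security.AccessControl.FileSystemRights]
$writeMask = [int]($R::Write -bor $R::Delete -bor $R::DeleteSubdirectoriesAndFiles -bor
                   $R::ChangePermissions -bor $R::TakeOwnership) -bor 0x40000000 -bor 0x10000000

function Get-WeakAce {
    param([string]$Path)
    $acl     = Get-Acl -LiteralPath $Path
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Ask for SIDs rather than names so the check is locale-independent.
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        # Inherit-only ACEs (e.g. CREATOR OWNER) do not apply to this object.
        $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
        if ($rule.PropagationFlags -band $inheritOnly) { continue }
        if ($trusted -contains $rule.IdentityReference.Value) { continue }
        if (([int]$rule.FileSystemRights -band $writeMask) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $Path
            Sid       = $rule.IdentityReference.Value
            Rights    = $rule.FileSystemRights
            Inherited = $rule.IsInherited
        }
    }
}

# Check the install root and every sub-directory beneath it.
$dirs = @(Get-Item -LiteralPath $InstallPath) +
        @(Get-ChildItem -LiteralPath $InstallPath -Directory -Recurse -Force)
$findings = foreach ($d in $dirs) { Get-WeakAce -Path $d.FullName }

$findings | Format-Table -AutoSize
if ($findings) { exit 1 }   # non-zero exit lets a scheduled job flag the host
```

Findings marked `Inherited = True` originate from a parent folder's ACL, so the correction belongs on that parent rather than on each sub-directory.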
Affected Countries
United States, Canada, United Kingdom, Germany, France, Australia, Japan, South Korea, India, Netherlands, Singapore
Technical Details
- Data Version: 5.1
- Assigner Short Name: tenable
- Date Reserved: 2025-01-28T20:09:40.192Z
- Cisa Enriched: true
Threat ID: 682d984ac4522896dcbf7782
Added to database: 5/21/2025, 9:09:30 AM
Last enriched: 2/26/2026, 8:58:59 PM
Last updated: 3/24/2026, 4:28:49 PM