CVE-2025-24915 identifies a local privilege escalation vulnerability in Tenable Nessus Agent for Windows when installed to a non-default directory. The root cause is improper default permissions (CWE-276) assigned to sub-directories under the custom installation path, which fail to restrict access adequately. This misconfiguration can allow local users with limited privileges to modify or replace files within these directories, thereby escalating their privileges to higher levels, potentially SYSTEM or Administrator. The vulnerability affects all Nessus Agent versions prior to 10.8.3. Exploitation requires local access and no user interaction, making it a straightforward attack vector for insiders or compromised low-privilege accounts. The vulnerability impacts confidentiality, integrity, and availability by enabling unauthorized code execution or system modification. Although no public exploits are known, the high CVSS score (7.8) indicates a significant risk, especially in environments where Nessus Agent is deployed on Windows endpoints with non-standard installation paths. The issue was reserved in January 2025 and published in March 2025, with Tenable addressing it in version 10.8.3. Organizations using Nessus Agent should audit installation directories, verify permissions, and apply the patch promptly to mitigate the risk.

This vulnerability allows local attackers to escalate privileges on Windows hosts running Nessus Agent installed in non-default locations. The impact includes potential full system compromise, unauthorized access to sensitive data, and disruption of security monitoring functions provided by Nessus Agent. Attackers gaining elevated privileges could disable security controls, install persistent malware, or move laterally within the network. Enterprises relying on Nessus for vulnerability management and compliance monitoring may face increased risk of undetected intrusions or data breaches. The vulnerability undermines the integrity and availability of the affected systems and can lead to significant operational and reputational damage. Since exploitation requires local access, the threat is most severe in environments with multiple users or where endpoint security is lax. The absence of known exploits in the wild reduces immediate risk but does not diminish the urgency for remediation given the ease of exploitation once local access is obtained.

1. Upgrade Nessus Agent to version 10.8.3 or later, where this vulnerability is fixed. 2. Audit all Windows hosts with Nessus Agent installed in non-default directories to verify and correct directory and sub-directory permissions, ensuring they follow the principle of least privilege. 3. Restrict local user permissions on endpoints to prevent unauthorized directory modifications. 4. Implement endpoint detection and response (EDR) solutions to monitor for suspicious local privilege escalation attempts. 5. Enforce strict access controls and user account management to minimize the number of users with local access. 6. Regularly review and harden installation procedures to avoid non-default paths unless necessary, and document permission requirements. 7. Conduct internal penetration testing focusing on local privilege escalation vectors to identify similar misconfigurations. 8. Educate system administrators and security teams about the risks of improper directory permissions and the importance of patch management.