CVE-2025-24916: CWE-284: Improper Access Control in Tenable Network Monitor
When installing Tenable Network Monitor to a non-default location on a Windows host, Tenable Network Monitor versions prior to 6.5.1 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location.
AI Analysis
Technical Summary
CVE-2025-24916 is a vulnerability classified under CWE-284 (Improper Access Control) affecting Tenable Network Monitor on Windows platforms when installed to non-default locations. Versions prior to 6.5.1 fail to enforce secure permissions on sub-directories within the custom installation path. This misconfiguration allows local users with limited privileges to gain unauthorized access to files or executables within these directories, potentially leading to local privilege escalation. The vulnerability does not require user interaction but does require local access and some level of privilege (low privilege user). The CVSS 3.1 vector (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) indicates that exploitation is local, requires high attack complexity, low privileges, no user interaction, and impacts confidentiality, integrity, and availability at a high level. No public exploits are currently known, but the risk remains significant due to the potential for attackers to leverage this flaw to gain administrative control on affected systems. The issue arises specifically from insecure directory permissions when Tenable Network Monitor is installed outside the default path, highlighting the importance of secure installation practices and permission management.
Potential Impact
The primary impact of this vulnerability is local privilege escalation, which can allow an attacker with limited access to elevate their privileges to administrative or system-level control. This can lead to full compromise of the affected host, including unauthorized access to sensitive data, modification or deletion of critical files, and disruption of monitoring services. For organizations relying on Tenable Network Monitor for security visibility, this could undermine the integrity and availability of their security monitoring infrastructure. Attackers exploiting this vulnerability could also use the elevated privileges to move laterally within networks, increasing the scope of compromise. The impact is especially critical in environments where Tenable Network Monitor is deployed on Windows servers or workstations with multiple users and where non-default installation paths are used without proper permission hardening.
Mitigation Recommendations
Organizations should immediately upgrade Tenable Network Monitor to version 6.5.1 or later, where this vulnerability has been addressed. For existing installations on non-default paths, administrators must audit and correct directory permissions to ensure that only authorized users have access to installation sub-directories. Specifically, permissions should be restricted to administrative accounts and the service account running Tenable Network Monitor. Implementing least privilege principles for local users and regularly reviewing file system permissions can prevent exploitation. Additionally, organizations should monitor local user activities for suspicious privilege escalation attempts and consider deploying endpoint detection and response (EDR) solutions to detect anomalous behavior. Security teams should also educate users about the risks of installing software in non-standard locations without proper security controls.
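One way to run the permission audit described above, as an added PowerShell example (not Tenable's tooling and not part of the original advisory): it lists every allow entry on the install directory and its sub-directories that grants write-type rights to a principal other than SYSTEM, Administrators or TrustedInstaller. The install path and the extra trusted SIDs are placeholders to replace with your own values.

```powershell
# Added example: read-only audit of directory ACLs under a non-default install path.
param(
    # Placeholder: the custom directory the product was installed to.
    [string]$InstallRoot = 'D:\CustomApps\NetworkMonitor',
    # Assumption: SIDs of any dedicated service account that legitimately needs write access.
    [string[]]$ExtraTrustedSids = @()
)

# Principals expected to hold write access: SYSTEM, BUILTIN\Administrators, TrustedInstaller.
$trusted = @(
    'S-1-5-18',
    'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
) + $ExtraTrustedSids

# Rights that allow planting, replacing or re-permissioning files, plus the raw
# GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000) bits, which can appear
# in an ACE as a bare number instead of a named right.
$rights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask = ([int]$rights) -bor 0x10000000 -bor 0x40000000

# Ask for rules keyed by SID so the check does not depend on localized account names.
$sidType = [System.Security.Principal.SecurityIdentifier]
$dirs = @(Get-Item -LiteralPath $InstallRoot) +
        @(Get-ChildItem -LiteralPath $InstallRoot -Directory -Recurse -Force)

$findings = foreach ($dir in $dirs) {
    $acl = Get-Acl -LiteralPath $dir.FullName
    # Include both explicit and inherited entries.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($trusted -contains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $dir.FullName
            Sid       = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

$findings | Sort-Object Path, Sid | Format-Table -AutoSize -Wrap
```

An empty result means no other principal holds write-type rights on any directory under the root; ACLs on individual files are not inspected.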
Affected Countries
United States, Canada, United Kingdom, Germany, France, Australia, Japan, South Korea, India, Netherlands, Singapore
Technical Details
- Data Version: 5.1
- Assigner Short Name: tenable
- Date Reserved: 2025-01-28T20:09:40.193Z
- Cisa Enriched: false
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 683099ad0acd01a249274022
Added to database: 5/23/2025, 3:52:13 PM
Last enriched: 2/26/2026, 8:59:13 PM
Last updated: 3/25/2026, 12:01:28 AM