CVE-2025-24915
Published: 21 March 2025
Description
Adversaries may execute their own malicious payloads by hijacking the binaries used by services.
Security Summary
CVE-2025-24915 affects Nessus Agent versions prior to 10.8.3 when installed to a non-default location on Windows hosts. In such configurations, the agent fails to enforce secure permissions on sub-directories, which could enable local privilege escalation if users have not manually secured those directories. This vulnerability stems from CWE-276 (Incorrect Default Permissions) and carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
A low-privileged local user (PR:L) can exploit this issue with low complexity and no user interaction required. By accessing the insecurely permissioned sub-directories in the non-default installation path, the attacker can escalate privileges, potentially achieving high impacts on confidentiality, integrity, and availability.
The Tenable advisory (TNS-2025-02) at https://www.tenable.com/security/tns-2025-02 addresses mitigation by recommending an upgrade to Nessus Agent 10.8.3 or later, which properly enforces secure permissions on sub-directories during non-default installations.
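For hosts that cannot be upgraded immediately, the directory permissions described above can be checked directly. The following PowerShell audit is an added example, not part of the advisory or of Tenable's tooling: it lists directories under a non-default install path where principals other than SYSTEM and Administrators hold write-class rights. The `$InstallRoot` parameter and the trusted-SID list are assumptions, since the page gives neither the install path nor the intended ACL.

```powershell
param(
    # Assumption: caller supplies the non-default install path; the page does not name one.
    [Parameter(Mandatory)][string]$InstallRoot
)

# Principals expected to hold write access (assumption; extend per local policy).
$trustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544'   # BUILTIN\Administrators
)

# Rights that allow creating, replacing or re-permissioning content in a directory.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'CreateFiles, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# GENERIC_WRITE | GENERIC_ALL can appear unmapped in raw ACEs.
$genericMask = 0x40000000 -bor 0x10000000

# Audit the install root itself plus every sub-directory beneath it.
$dirs = @(Get-Item -LiteralPath $InstallRoot) +
        @(Get-ChildItem -LiteralPath $InstallRoot -Directory -Recurse -Force)

$findings = foreach ($dir in $dirs) {
    $acl = Get-Acl -LiteralPath $dir.FullName
    # Resolve identities to SIDs so the check is independent of the OS display language.
    foreach ($rule in $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        # Inherit-only ACEs do not apply to this directory itself.
        if ($rule.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }
        if ($trustedSids -contains $rule.IdentityReference.Value) { continue }

        $rights = [int]$rule.FileSystemRights
        if (($rights -band $writeMask) -or ($rights -band $genericMask)) {
            [pscustomobject]@{
                Directory = $dir.FullName
                Sid       = $rule.IdentityReference.Value
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

$findings | Format-Table -AutoSize
# Non-zero exit lets a scheduled compliance job flag the host.
if ($findings) { exit 1 }
```

Run it from an elevated session so `Get-Acl` can read every sub-directory; any row in the output is a directory that still needs its ACL tightened or the agent upgraded.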
Details
- CWE(s)
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is a direct instance of incorrect default directory permissions (CWE-276) on Windows non-default install paths, enabling local privilege escalation via file system permissions weakness.