CVE-2025-24914: 
Tenable Nessus vulnerability analysis and mitigation

CVE-2025-24914 is a security vulnerability affecting Nessus versions prior to 10.8.4 when installed on Windows systems. The vulnerability was discovered by Will Dormann and disclosed on April 18, 2025. The issue occurs when Nessus is installed to a non-default location on a Windows host, where the software fails to enforce secure permissions for sub-directories (Tenable Advisory, NVD).

The vulnerability is classified as CWE-276: Incorrect Default Permissions. It has been assigned a CVSS v3.1 Base Score of 7.8 (HIGH) with the vector string: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction to exploit (Tenable Advisory).

If exploited, this vulnerability could allow for local privilege escalation if users have not secured the directories in the non-default installation location. The high CVSS score indicates potential severe impacts on confidentiality, integrity, and availability of the system (Tenable Advisory).

Tenable has released Nessus version 10.8.4 to address this vulnerability. Users are advised to upgrade to this version to mitigate the risk. The fix can be obtained from the Tenable Downloads Portal (Tenable Advisory).