CVE-2025-24915: 
Tenable Nessus vulnerability analysis and mitigation

A security vulnerability (CVE-2025-24915) was discovered in Nessus Agent versions prior to 10.8.3. The vulnerability exists when installing Nessus Agent to a non-default location on a Windows host, where the software failed to enforce secure permissions for sub-directories (NVD, Tenable Advisory).

The vulnerability is classified as CWE-276 (Incorrect Default Permissions) and has received a CVSS v3.1 Base Score of 7.8 (HIGH) with the following vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The technical issue stems from improper permission enforcement in sub-directories when Nessus Agent is installed in non-default locations on Windows systems (Tenable Advisory).

This vulnerability could allow for local privilege escalation if users had not secured the directories in the non-default installation location. The high CVSS score indicates potential severe impacts on system confidentiality, integrity, and availability if exploited (NVD).

Tenable has released Nessus Agent version 10.8.3 to address this vulnerability. Users are advised to upgrade to this version through the Tenable Downloads Portal. For users on the Nessus Agent 10.7.X track, separate guidance is available (Tenable Advisory).