Systems that appear secure can sometimes harbor the greatest threats. This is the case with two newly discovered vulnerabilities in versions of Tenable Network Monitor prior to 6.5.1 on Windows systems. Identified as CVE-2025-24917 and CVE-2025-24916, these flaws allow an attacker to perform local privilege escalation.
🔓 CVE-2025-24917 – From User to SYSTEM
Description:
Older versions of Tenable Network Monitor on Windows allow standard users to gain SYSTEM privileges. Attackers can stage malicious files in a local directory, leading to code execution with elevated rights.
-
Score: 7.8 (High)
-
Vector: Local access, user interaction required
-
Type: CWE-284 – Improper Access Control
🛠️ CVE-2025-24916 – Forgotten Permissions in Directory Depths
Description:
This issue is more subtle but just as dangerous. When Tenable is installed to a non-default path, sub-directory permissions aren’t enforced securely. If users don’t manually tighten them, attackers can exploit the weak spots.
-
Score: 7.0 (High)
-
Condition: Non-default installation path + lax folder permissions
Hidden Threats: Why It Matters
The most dangerous vulnerabilities are often the quietest. These issues can be exploited without detection, with logs wiped and systems covertly taken over.
In this case, the real threat may come not from external hackers—but from the inside.
✅ Solutions and Recommendations
-
Upgrade to Tenable Network Monitor 6.5.1 immediately.
-
Audit all non-default installation directories.
-
Review and restrict user permission policies routinely.
Extra Notes:
-
This update also includes critical upgrades to OpenSSL, libxml2, cURL, libpcap, and other libraries.