Local Privilege Escalation in Tenable Network Monitor by Tenable
CVE-2025-24916

7HIGH

Key Information:

Vendor: Tenable
Status: Network Monitor
Vendor: CVE Published:; 23 May 2025

What is CVE-2025-24916?

Tenable Network Monitor, when installed to a non-default directory on a Windows system, may face a local privilege escalation risk. Versions prior to 6.5.1 lack proper enforcement of secure permissions for sub-directories. This oversight may enable unauthorized users to escalate their privileges if the installation directories are not adequately secured.

Affected Version(s)

Network Monitor Windows 0

References

https://www.tenable.com/security/tns-2025-10

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 23, 2025
Vulnerability Reserved
Jan 28, 2025

Credit

Will Dormann