Local Privilege Escalation Vulnerability in Tenable Network Monitor on Windows
CVE-2025-24917

7.8HIGH

Key Information:

Vendor: Tenable
Status: Network Monitor
Vendor: CVE Published:; 23 May 2025

What is CVE-2025-24917?

In affected versions of Tenable Network Monitor, a security flaw allows non-administrative users to stage files in a local directory. This could enable these users to execute arbitrary code with SYSTEM privileges, leading to potential security breaches and unauthorized system control. It is crucial for users and administrators to update to version 6.5.1 or later to mitigate this risk.

Affected Version(s)

Network Monitor Windows 0

References

https://www.tenable.com/security/tns-2025-10

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 23, 2025
Vulnerability Reserved
Jan 28, 2025

Credit

Will Dormann