CVE-2025-24914
published 2025-04-18CVE-2025-24914: When installing Nessus to a non-default location on a Windows host, Nessus versions prior to 10.8.4 did not enforce secure permissions for sub-directories…
PriorityP339high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.13%
2.7th percentile
When installing Nessus to a non-default location on a Windows host, Nessus versions prior to 10.8.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. - CVE-2025-24914
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tenable | nessus | < 10.8.4 | 10.8.4 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Tenable
[R1] Nessus Version 10.8.4 Fixes Multiple Vulnerabilities
blogs_tenable·2025-04-17
[R1] Nessus Version 10.8.4 Fixes Multiple Vulnerabilities
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Wiz
CVE-2025-36640 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2025-36640 [HIGH] CVE-2025-36640 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-36640 :
Tenable Nessus vulnerability analysis and mitigation
A vulnerability has been identified in the installation/uninstallation of the Nessus Agent Tray App on Windows Hosts which could lead to escalation of privileges.
Source : NVD
## 7.3
Score
Published January 13, 2026
Severity HIGH
CNA Score 7.3
Affected Technologies
Tenable Nessus
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:tenable:nessus
Sources
NVD
Linux Severity HIGH Has Fix Added at: Jan 14, 2026
Windows Severity HIGH Has Fix Added at: Jan 14, 2026
## Get a CVE risk assessment
Get a prioritized view of CVEs in your
2025-04-18
Published