Two high-severity vulnerabilities (CVE-2025-24916, CVE-2025-24917) in Tenable Network Monitor enable local privilege escalation through insecure directory permissions and arbitrary code execution on Windows systems.
The security flaws affect all versions prior to 6.5.1 and have been assigned high severity ratings with CVSS scores of 7.0 and 7.8 respectively.
Security researcher Will Dormann discovered both vulnerabilities, prompting Tenable to issue an immediate patch alongside updates to multiple third-party components.
The first vulnerability, CVE-2025-24916, affects installations of Tenable Network Monitor deployed to non-default locations on Windows systems.
When administrators install the software outside the standard directory structure, versions prior to 6.5.1 fail to enforce secure permissions for sub-directories, creating an attack vector for local privilege escalation.
This flaw stems from improper access control (CWE-284) where the installer does not restrict access to installation directories appropriately.
The second and more severe vulnerability, CVE-2025-24917, allows non-administrative users to stage malicious files in local directories and execute arbitrary code with SYSTEM privileges.
This vulnerability enables attackers to escalate from low-privileged user accounts to full system control, potentially compromising the entire Windows host.
The attack vector requires local access but no user interaction, making it particularly dangerous in environments where multiple users share systems running Tenable Network Monitor.
| CVEs | Affected Products | Impact | Exploit Prerequisites | CVSS 3.1 Score |
| --- | --- | --- | --- | --- |
| CVE-2025-24916 | Tenable Network Monitor <6.5.1 on Windows hosts with non-default installations | Local privilege escalation | Local access, installation to non-default directory without manual permission fixes | 7.0 (High) |
| CVE-2025-24917 | Tenable Network Monitor <6.5.1 on Windows hosts | Arbitrary code execution with SYSTEM privileges | Local access, ability to write files to unsecured application directories | 7.8 (High) |
Beyond the proprietary vulnerabilities, Tenable Network Monitor 6.5.1 includes comprehensive updates to critical third-party libraries that provide underlying functionality for the passive monitoring platform.
The update packages OpenSSL version 3.0.16, expat 2.7.0, curl 8.12.0, libpcap 1.10.5, and libxml2 2.13.8 to address known security vulnerabilities in these widely-used components.
These library updates are particularly significant given Tenable Network Monitor’s role in passive network traffic analysis at the packet layer.
The product monitors IPv4, IPv6, and mixed network traffic to determine topology, services, and vulnerabilities across enterprise environments.
Updated cryptographic libraries ensure the integrity of the deep packet inspection capabilities that form the core of the platform’s passive vulnerability detection engine.
Tenable strongly recommends that all organizations running Tenable Network Monitor on Windows platforms upgrade to version 6.5.1 immediately through the Tenable Downloads Portal.
The upgrade is critical for Windows deployments across all supported platforms, including Windows 10, Server 2012, Server 2016, Server 2019, and Server 2022.
For administrators performing the upgrade, Tenable emphasizes the importance of ensuring proper Access Control Lists (ACLs) are enforced on all installation directories, particularly for non-default installation paths.
The web interface remains accessible at https://<IP address or hostname>:8835 following the upgrade, with enhanced security controls now properly implemented.
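One way to check the installation-directory ACLs mentioned above is the following audit script, an added example that is not Tenable's tooling and not part of the advisory. The `-InstallRoot` value is a placeholder for the host's actual install path, and the set of SIDs treated as non-administrative is an assumption to adjust for the environment.

```powershell
# Added example: list directories under an install tree that broad,
# non-administrative groups can write to. Run from an elevated prompt.
param(
    # Placeholder: pass the real (possibly non-default) install directory.
    [Parameter(Mandatory)] [string] $InstallRoot
)

# Well-known SIDs for broad groups; SIDs avoid localized group names.
# Assumption: extend this table with any site-specific low-privilege groups.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Rights that allow creating, replacing, or re-permissioning content.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Unmapped GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000) bits.
$genericMask = 0x50000000

$dirs = @(Get-Item -LiteralPath $InstallRoot) +
        @(Get-ChildItem -LiteralPath $InstallRoot -Directory -Recurse -Force)

$findings = foreach ($dir in $dirs) {
    $acl = Get-Acl -LiteralPath $dir.FullName
    # Explicit and inherited ACEs, with identities returned as SIDs.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Value
        if (-not $broadSids.ContainsKey($sid)) { continue }
        $rights = [int]$ace.FileSystemRights
        if (($rights -band $writeMask) -or ($rights -band $genericMask)) {
            [pscustomobject]@{
                Path      = $dir.FullName
                Principal = $broadSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

$findings | Format-Table -AutoSize -Wrap
# Non-zero exit code lets a scheduled compliance job flag the host.
if ($findings) { exit 1 }
```

An empty result means none of the listed groups hold write-class rights on the tree; any row with `Inherited = True` points to a parent directory whose ACL needs tightening as well.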
These vulnerabilities highlight the ongoing security challenges facing network monitoring solutions that require privileged access to analyze network traffic effectively.
Organizations using Tenable Network Monitor should prioritize the 6.5.1 update to prevent potential compromise of their passive vulnerability scanning infrastructure and maintain the integrity of their continuous network monitoring capabilities.