Executive Summary

Tenable's Security Advisory TNS-2025-10 highlights critical vulnerabilities affecting the Tenable Network Monitor software, specifically versions prior to 6.5.1 on Windows hosts. These vulnerabilities, due to outdated third-party components such as OpenSSL, expat, curl, libpcap, and libxml2, present significant risks of local privilege escalation. The vulnerability identifiers CVE-2025-24916 and CVE-2025-24917 are associated with improper access control, allowing non-administrative users the potential to execute arbitrary code with elevated privileges. This report outlines the technical details, potential exploitation scenarios, and recommended mitigation strategies to safeguard against these vulnerabilities.

Technical Information

The Tenable Network Monitor is integral for comprehensive network monitoring and vulnerability management, yet the discovery of critical vulnerabilities poses a notable threat. The vulnerabilities in question stem from outdated versions of third-party libraries integrated into the software, which were vulnerable to exploitation. CVE-2025-24916 allows a non-administrative user to manipulate local directories, potentially leading to arbitrary code execution with SYSTEM privileges. Similarly, CVE-2025-24917 permits privilege escalation via similar improper access controls. The vulnerabilities highlight the necessity for robust access controls and updated third-party components. Notably, these issues were exacerbated by insecure permissions when installations deviated from default directories.

Exploitation in the Wild

Currently, there are no documented instances of these vulnerabilities being actively exploited in the wild. However, the nature of local privilege escalation vulnerabilities suggests they could be exploited by malicious actors with local access to systems running vulnerable versions of the software. Indicators of Compromise (IOCs) remain largely theoretical due to the lack of active exploitation reports, yet organizations should remain vigilant for unusual user privilege changes or the unexpected execution of unauthorized code.

APT Groups using this vulnerability

While no specific Advanced Persistent Threat (APT) groups have been reported leveraging these vulnerabilities, the potential for exploitation by actors with local access remains a concern. Organizations should be aware of the general threat landscape, including possible interest from groups targeting sectors with a reliance on network monitoring systems in regions like North America and Europe.

Affected Product Versions

The vulnerabilities affect Tenable Network Monitor versions prior to 6.5.1 on Windows hosts. It is crucial for organizations running these versions to prioritize updates to the latest release to mitigate potential risks.

Workaround and Mitigation

To address these vulnerabilities, organizations should upgrade to Tenable Network Monitor version 6.5.1 or later, which resolves the identified issues. It is essential to ensure that secure permissions are applied during installation, particularly when not utilizing default directories. Regular updates of all third-party components are critical to prevent similar vulnerabilities. Organizations should consider implementing comprehensive access control measures to limit potential exploitation vectors.

References

• Tenable Security Advisory: https://www.tenable.com/security/tns-2025-10
• NVD Details for CVE-2025-24916: https://nvd.nist.gov/vuln/detail/CVE-2025-24916
• NVD Details for CVE-2025-24917: https://nvd.nist.gov/vuln/detail/CVE-2025-24917

Rescana is here for you

Rescana is committed to empowering organizations with our Third Party Risk Management (TPRM) platform, assisting in identifying and mitigating cybersecurity threats posed by vulnerabilities in third-party software. Our platform enables continuous monitoring and risk assessment, equipping businesses with the insights needed to safeguard their digital environments. Should you have any questions regarding this report or require assistance with other cybersecurity concerns, please reach out to us at ops@rescana.com.

This comprehensive report provides Rescana customers with actionable insights into the vulnerabilities identified in Tenable Network Monitor and offers guidance on mitigation strategies. For further information or assistance, feel free to contact us at the provided email address.