CVE-2025-24914

HIGH Year: 2025
CVSS v3 Score
7.8
High
Weakness Type
CWE-276
View all →

Vulnerability Description

When installing Nessus to a non-default location on a Windows host, Nessus versions prior to 10.8.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. - CVE-2025-24914

Related Vulnerabilities

CVE-2001-0497

HIGH
CVSS:7.8(High)

dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which all...

CWE-2762001

CVE-2002-1844

HIGH
CVSS:7.8(High)

Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with world-writable permissions, which allows local users to delete or modify the executables to gain privileg...

CWE-2762002

CVE-2005-1941

HIGH
CVSS:7.8(High)

SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) cgi-styler.py, and (3) source2html.py with read and write world permissions, which allows local users to execute arbitrary code.

CWE-2762005

CVE-2014-7302

HIGH
CVSS:7.8(High)

SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to change the permissions of arbitrary files by executing /opt/sgi/sgimc/bin/vx.

CWE-2762014

CVE-2014-7303

HIGH
CVSS:7.8(High)

SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading etc...

CWE-2762014

CVE-2015-7378

HIGH
CVSS:7.8(High)

Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "Panda Security URL Filtering" directory and installed files, which allows local users to gain SYSTEM privileges by modifying Panda_...

CWE-2762015