Full Report
Nessus users should update patches as soon as possible
Analysis Summary
# Vulnerability: Three High-Severity Flaws in Tenable Nessus Agent Leading to Privilege Escalation
## CVE Details
- CVE ID: CVE-2025-36631, CVE-2025-36632, CVE-2025-36633
- CVSS Score: 8.4 (High) for CVE-2025-36631; 7.8 (High) for CVE-2025-36632; 8.8 (High) for CVE-2025-36633
- CWE: Improper Privilege Management (CWE-269) inferred for the two privilege management flaws.
## Affected Systems
- Products: Nessus Agent (also known as Tenable Agent)
- Versions: Versions 10.8.4 and earlier.
- Configurations: Affects installations on Windows hosts.
## Vulnerability Description
Tenable has addressed three high-severity vulnerabilities in its Nessus Agent product on Windows. These flaws, primarily related to improper privilege management, allow a non-administrative user to achieve elevated privileges, potentially leading to local system compromise:
1. **CVE-2025-36631 (CVSS 8.4):** Improper privilege management allows a non-administrative user to overwrite arbitrary local system files using log content, executing this action with 'System' privilege.
2. **CVE-2025-36632 (CVSS 7.8):** An undisclosed issue allows a non-administrative user to execute code with 'System' privilege.
3. **CVE-2025-36633 (CVSS 8.8):** Improper privilege management permits a non-administrative user to arbitrarily delete local system files while running with 'System' privilege, which could result in local privilege escalation.
## Exploitation
- Status: No indication that these vulnerabilities are being actively exploited ("No indication that these vulnerabilities are being actively exploited").
- Complexity: Implied to be relatively low given the threat description of non-administrative users leveraging the flaws across all three CVEs.
- Attack Vector: Local access is required for the attacker (non-administrative user exploitation).
## Impact
- Confidentiality: High (Potential access or modification of system files).
- Integrity: High (Arbitrary file overwriting and deletion, code execution).
- Availability: High (Arbitrary file deletion could lead to denial of service or system instability).
## Remediation
### Patches
- **Tenable Agent Version 10.8.5** is released to address these issues.
### Workarounds
- The vendor strongly recommends updating deployments as soon as possible. No specific workarounds were detailed in the summary.
## Detection
- Detection methods were not specified, but organizations should monitor patch deployment status for Nessus Agent versions 10.8.4 and earlier. IOCs would relate to unexpected file modification or deletion in system directories by low-privileged processes associated with the Nessus Agent service running as SYSTEM.
## References
- Vendor Advisory: tenable security tns-2025-11 (Defanged: `https://www.tenable.com/security/tns-2025-11`)
- News Source: `https://www.infosecurity-magazine.com/news/tenable-fixes-flaws-nessus/`