CVE-2025-36632

high

Description

1. In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.  - CVE-2025-366312. In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could execute code with SYSTEM privilege. - CVE-2025-366323. In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could arbitrarily delete local system files with SYSTEM privilege, potentially leading to local privilege escalation. - CVE-2025-36633 Tenable has released Agent 10.8.5 to address these issues. The installation files can be obtained from the Tenable Downloads Portal: https://www.tenable.com/downloads/nessus-agents

Details

Source: Mitre, NVD

Published: 2025-06-12

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

Detections

Analytics