CVE-2025-36630

Published Jul 2, 2025

Last updated 7 months ago

CVSS high 8.4
Tenable Nessus

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-36630 is a vulnerability found in Tenable Nessus versions prior to 10.8.5 on Windows. It allows a non-administrative user to overwrite arbitrary local system files with log content at SYSTEM privilege. This improper privilege management in Nessus can be exploited through the Nessus logging mechanism. Successful exploitation of CVE-2025-36630 could lead to attackers tampering with critical system files, potentially causing system instability, privilege escalation, or denial of service. To address this vulnerability, Tenable has released Nessus versions 10.8.5 and 10.9.0.

Description: In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.
Source: vulnreport@tenable.com
NVD status: Analyzed
Products: nessus

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.1
Impact score: 5.2
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Severity: HIGH

Weaknesses

vulnreport@tenable.com: CWE-269
nvd@nist.gov: NVD-CWE-noinfo

Social media

Hype score: Not currently trending
  1. CVE-2025-36630 (CVSS:8.4, HIGH) is Awaiting Analysis. In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrit..https://t.co/5I7wGzK2tf #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    7 Jul 2025

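  2. Privilege escalation vulnerability in Tenable Nessus Agent for Windows. CVE-2025-36630 allows a non-administrative user to overwrite arbitrary local system files with log content at SYSTEM privilege. A fixed version is available. https://t.co/zsKaH2XriS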

    @__kokumoto

    2 Jul 2025

  3. ⚠️ Nessus for Windows Vulnerabilities Enables Privilege Escalation Attacks Read more: https://t.co/xAZBZEEpnW The security flaws, affecting all Nessus versions prior to 10.8.5, include a critical Windows-specific vulnerability (CVE-2025-36630) that allows unauthorized file

    @The_Cyber_News

    2 Jul 2025

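  4. A serious vulnerability (CVE-2025-36630) has been found in Tenable's Nessus for Windows. It may allow a non-administrative user to overwrite arbitrary system files with SYSTEM privilege, and the risk is especially high in multi-user environments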

    @yousukezan

    2 Jul 2025

  5. CVE-2025-36630 In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log conten… https://t.co/drH1fIvQW3

    @CVEnew

    1 Jul 2025

Configurations

  1. The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli.

     Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form.

     It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters.

     Thus vulnerable situations include:

     - TLS clients consuming server certificates
     - TLS servers consuming client certificates
     - Hosting providers taking certificates or private keys from customers
     - Certificate authorities parsing certification requests from subscribers
     - Anything else which parses ASN.1 elliptic curve parameters

     Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue.

     In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature.

     This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022.

     Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1).
     Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m).
     Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).

     CVE-2022-0778

References

Sources include official advisories and independent security research.