CVE-2025-36631

Published Jun 13, 2025

Last updated 5 months ago

CVSS high 8.4
Tenable Agent

Overview

Description
In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.
Source
vulnreport@tenable.com
NVD status
Analyzed
Products
nessus_agent

Risk scores

CVSS 3.1

Type
Primary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

vulnreport@tenable.com
CWE-269
nvd@nist.gov
NVD-CWE-noinfo

Social media

Hype score
Not currently trending

  1. ⚠️ Vulnerabilidades de Nessus corregidas ❗CVE-2025-36633 ❗CVE-2025-36631 ❗CVE-2025-36632 ➡️Más info: https://t.co/rYGFxXUF9g https://t.co/AJopyil0Hv

    @CERTpy

    20 Jun 2025

    117 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Tenable patches three critical vulnerabilities in Nessus Agent for Windows (CVE-2025-36631/32/33), enabling privilege escalation, file deletion, and arbitrary code execution. Update to version 10.8.5 now 🔒🖥️ #Vulnerability #SecurityUpdate #US https://t.co/gxieOoQYBc

    @TweetThreatNews

    16 Jun 2025

    54 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Tenable Agent for Windowsに深刻な権限昇格の脆弱性。CVE-2025-36631~36633は、非管理者のユーザーがSYSTEM権限でそれぞれ任ファイルの上書き、任意コードの実行、任ファイルの削除を行えるもの。バージョン10.8.5で修正

    @__kokumoto

    15 Jun 2025

    1238 Impressions

    2 Retweets

    10 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  4. [CVE-2025-36631: HIGH] In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.#cve,CVE-2025-36631,#cybersecurity https://t.co/jXI6c2RZMt https://t.c

    @CveFindCom

    13 Jun 2025

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2025-36631 In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content… https://t.co/DAke0ALbEF

    @CVEnew

    13 Jun 2025

    452 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks.CVE-2026-2026
  2. In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could execute code with SYSTEM privilege.CVE-2025-36632
  3. In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could arbitrarily delete local system files with SYSTEM privilege, potentially leading to local privilege escalation.CVE-2025-36633

References

Sources include official advisories and independent security research.