Close Menu
Cybercrime and Ransomware

Critical Vulnerabilities Resolved in Tenable Nessus Agent

Staff WriterBy No Comments3 Mins Read3 Views

Essential Insights

  1. High-Severity Vulnerabilities Identified: Tenable has patched three high-severity vulnerabilities (CVE-2025-36631, CVE-2025-36632, CVE-2025-36633) in Nessus Agent for Windows, which could allow non-administrative users to escalate privileges and execute malicious actions.

  2. Impact and CVSS Scores: The vulnerabilities have CVSS scores of 8.4, 7.8, and 8.8, enabling the potential for actions like file overwriting, arbitrary code execution, and file deletion with System privileges.

  3. Affected Versions and Resolution: These vulnerabilities affect Nessus Agent versions 10.8.4 and earlier, with the resolution made available in version 10.8.5 for users to download.

  4. No Evidence of Exploits: While no active exploits have been reported, Tenable advises immediate updates to mitigate potential risks associated with these vulnerabilities.

Underlying Problem

Tenable has recently unveiled critical patches addressing three severe vulnerabilities in the Nessus Agent for Windows, which could potentially allow unauthorized users—specifically those logged into non-administrative accounts—to execute file operations and escalate privileges. The vulnerabilities, tracked as CVE-2025-36631 (CVSS score 8.4), CVE-2025-36632 (CVSS score 7.8), and CVE-2025-36633 (CVSS score 8.8), enable non-administrators to overwrite local system files, execute arbitrary code, and delete files, respectively. Such exploits could lead to significant security risks by granting users elevated privileges, thus compromising the integrity of the affected systems.

Affected versions are Nessus Agent 10.8.4 and earlier, with Tenable’s resolution provided through the recently released version 10.8.5 available on their download portal. While Tenable has not reported any instances of these vulnerabilities being exploited in real-world scenarios, they strongly recommend users apply the updates promptly to safeguard their systems. The company has previously encountered issues with specific agent versions but emphasized that those incidents did not pose security threats, assuring that no customers were adversely impacted.

Potential Risks

The recent disclosure of high-severity vulnerabilities in Tenable’s Nessus Agent for Windows poses significant risks not only to users of the affected software but also to broader business ecosystems that rely on it for asset security management. Specifically, vulnerabilities CVE-2025-36631, CVE-2025-36632, and CVE-2025-36633, with CVSS scores ranging from 7.8 to 8.8, could enable non-administrative users to execute arbitrary code and manipulate critical system files with elevated privileges. If exploited, these flaws could lead to unauthorized access, data loss, and compromised systems, undermining trust in operational integrity and security compliance across an organization. This scenario is particularly alarming for businesses interconnected through supply chains, as breaches in one entity can propagate risks to others, potentially resulting in reputational damage, legal liabilities, and significant operational disruptions. Consequently, timely updates to the latest version (10.8.5) are imperative to mitigate these vulnerabilities and safeguard organizational resources against potential exploitation.

Possible Next Steps

Timely remediation of high-severity vulnerabilities is crucial in safeguarding organizational integrity and preventing potential breaches.

Mitigation Steps

  1. Immediate Patch Deployment
  2. Enhanced Monitoring
  3. Vulnerability Assessment
  4. User Education
  5. Access Controls Verification
  6. Incident Response Preparation

NIST CSF Guidance
The NIST Cybersecurity Framework (CSF) underscores the necessity of timely remediation, advocating for proactive measures to manage vulnerabilities effectively. For comprehensive details, refer to NIST Special Publication (SP) 800-53 for security and privacy controls.

Continue Your Cyber Journey

Discover cutting-edge developments in Emerging Tech and industry Insights.

Explore engineering-led approaches to digital security at IEEE Cybersecurity.

Disclaimer: The information provided may not always be accurate or up to date. Please do your own research, as the cybersecurity landscape evolves rapidly. Intended for secondary references purposes only.

Cyberattacks-V1

Share.
Avatar photo

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Related Posts

Comments are closed.