Tenable Fixes Three High-Severity Flaws in Vulnerability Scanner Nessus

The high-severity vulnerabilities can allow privilege escalation, code execution and the overwriting of arbitrary files.

The three flaws affect versions 10.8.4 and earlier of Nessus Agent, also known as Tenable Agent, on Windows hosts.

They are tracked as follows:

• CVE-2025-36631: An improper privilege management issue that can lead a non-administrative user to overwrite arbitrary local system files with log content at ‘System’ privilege (CVSSv3.1 score: 8.4).
• CVE-2025-36632: An undisclosed issue that can lead a non-administrative user to execute code with ‘System’ privilege (CVSSv3.0 score: 7.8).
• CVE-2025-36633: An improper privilege management issue that could lead a non-administrative user to arbitrarily delete local system files with ‘System’ privilege, potentially leading to local privilege escalation (CVSSv3.1 score: 8.8).

To read the complete article, see: InfoSecurity Magazine.