Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionCVE.org
In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could execute code with SYSTEM privilege.
AnalysisAI
Privilege escalation vulnerability in Tenable Agent for Windows (versions prior to 10.8.5) that allows a non-administrative local user to execute arbitrary code with SYSTEM-level privileges. This is a local privilege escalation (LPE) vulnerability with high severity (CVSS 7.8) requiring only local access and low complexity exploitation. The vulnerability represents a critical risk in multi-user Windows environments where standard users could gain complete system control.
Technical ContextAI
The vulnerability exists in Tenable Agent, a endpoint detection and response (EDR) / vulnerability assessment agent deployed on Windows systems. The root cause is classified under CWE-276 (Incorrect Default Permissions), indicating improper access controls on a critical system resource or service. Tenable Agent typically runs with elevated privileges to perform system-level vulnerability scanning and monitoring. The vulnerability allows privilege escalation from a standard user context to SYSTEM, suggesting either: (1) an insecure service running as SYSTEM that can be exploited by unprivileged users, (2) improper file/registry permissions on agent components, or (3) insecure inter-process communication (IPC) mechanisms. The Local Attack Vector (AV:L) and Low Attack Complexity (AC:L) indicate the flaw is likely trivial to exploit once a user has local access—no special conditions or sophisticated techniques required. The vulnerability affects Windows deployments specifically, as the advisory explicitly mentions 'Windows host.'
RemediationAI
Immediate actions: (1) Upgrade Tenable Agent to version 10.8.5 or later on all Windows systems. Tenable has provided a patched version; deployment should be prioritized. (2) For systems that cannot be immediately patched, implement compensating controls: restrict local user access to systems running vulnerable Tenable Agent; disable or suspend non-essential local user accounts; use OS-level privilege policies to limit local user capability. (3) Monitor for exploitation attempts: audit local code execution events, system-level process spawning, and unexpected SYSTEM-context processes originating from standard user sessions. (4) Review Tenable advisories and security bulletins for detailed patch notes and deployment instructions. (5) Test patches in a non-production environment before widespread rollout to ensure compatibility with monitoring requirements. Recommend mandatory upgrade timeline: critical systems within 7 days, all systems within 30 days.
More in Nessus Agent
View allLocal privilege escalation vulnerability in Tenable Agent for Windows (versions prior to 10.8.5) that allows non-adminis
Privilege escalation vulnerability in Tenable Agent for Windows (versions prior to 10.8.5) that allows non-administrativ
A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows & Nessus Agent 8.0.0 and 8.1.0 for Windows could all
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain.
Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade t
Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an auth
Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an auth
Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local h
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missin
Nessus Agent on Windows systems contains improper file permission controls that allow local authenticated users to trigg
Same weakness CWE-276 – Incorrect Default Permissions
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-18396