Skip to main content

Nessus Agent EUVDEUVD-2025-18277

| CVE-2025-36631 HIGH
Improper Privilege Management (CWE-269)
2025-06-13 vulnreport@tenable.com
8.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.4 HIGH
AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
High
Availability
High

Lifecycle Timeline

6
Analysis Updated
Apr 16, 2026 - 06:39 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
10.8.5
EUVD ID Assigned
Mar 14, 2026 - 21:34 euvd
EUVD-2025-18277
Analysis Generated
Mar 14, 2026 - 21:34 vuln.today
CVE Published
Jun 13, 2025 - 15:15 nvd
HIGH 8.4

DescriptionCVE.org

In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.

AnalysisAI

Privilege escalation vulnerability in Tenable Agent for Windows (versions prior to 10.8.5) that allows non-administrative users to overwrite arbitrary system files with log content while executing at SYSTEM privilege level. This vulnerability enables local attackers without admin rights to achieve arbitrary file write operations with elevated privileges, potentially leading to system compromise. The vulnerability has a CVSS score of 8.4 (High) and affects Windows deployments; patch availability exists in version 10.8.5 and later.

Technical ContextAI

This vulnerability stems from improper privilege management (CWE-269: Improper Access Control) in the Tenable Agent's logging mechanism on Windows platforms. The root cause involves the agent's log writing functionality failing to properly validate file paths or implement appropriate access controls when writing logs with elevated SYSTEM privileges. A non-administrative user can leverage this flaw to redirect or manipulate log output paths, causing arbitrary files on the system to be overwritten with log content while the write operation executes under SYSTEM context. The affected component is the Tenable Agent service running on Windows (CPE likely matching: cpe:2.3:a:tenable:tenable_agent:*:*:*:*:*:windows:*:*). The vulnerability exploits the trust boundary between user-mode code and privileged system operations without sufficient path validation or sandboxing.

RemediationAI

Immediate action: Upgrade Tenable Agent to version 10.8.5 or later on all affected Windows systems. Step-by-step remediation: (1) Identify all Windows endpoints running Tenable Agent versions prior to 10.8.5 using asset inventory or Tenable's own scanning tools; (2) Schedule maintenance windows for patching; (3) Download Tenable Agent 10.8.5+ from Tenable's official release repository; (4) Deploy via group policy, endpoint management tools (SCCM, Intune), or manual update; (5) Verify upgrade completion and agent health post-deployment. Interim mitigations (pre-patch): (1) Restrict local user account creation on Windows systems running Tenable Agent to trusted personnel only; (2) Disable or remove unnecessary local user accounts; (3) Monitor for suspicious log file modifications using Windows Auditing (enable object access auditing for sensitive system files); (4) Implement file integrity monitoring (FIM) solutions to detect unauthorized file changes. Vendor advisory and patch availability: Consult Tenable's official security advisory at https://www.tenable.com/security-advisories or contact Tenable support for the latest patch links and deployment guidance.

CVE-2025-36633 HIGH
8.8 Jun 13

Local privilege escalation vulnerability in Tenable Agent for Windows (versions prior to 10.8.5) that allows non-adminis

CVE-2025-36632 HIGH
7.8 Jun 16

Privilege escalation vulnerability in Tenable Agent for Windows (versions prior to 10.8.5) that allows a non-administrat

CVE-2020-5793 HIGH
7.8 Nov 05

A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows & Nessus Agent 8.0.0 and 8.1.0 for Windows could all

CVE-2021-3450 HIGH
7.4 Mar 25

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain.

CVE-2023-5847 HIGH
7.3 Nov 01

Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade t

CVE-2021-20118 MEDIUM
6.7 Sep 09

Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an auth

CVE-2021-20117 MEDIUM
6.7 Sep 09

Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an auth

CVE-2021-20077 MEDIUM
6.7 Mar 19

Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local h

CVE-2019-16168 MEDIUM
6.5 Sep 09

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missin

CVE-2026-2026 MEDIUM
6.1 Feb 13

Nessus Agent on Windows systems contains improper file permission controls that allow local authenticated users to trigg

Share

EUVD-2025-18277 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy