Skip to main content

Nessus Agent EUVDEUVD-2025-18396

| CVE-2025-36632 HIGH
Incorrect Default Permissions (CWE-276)
2025-06-16 vulnreport@tenable.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Analysis Updated
Apr 16, 2026 - 06:38 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
10.8.5
EUVD ID Assigned
Mar 14, 2026 - 21:59 euvd
EUVD-2025-18396
Analysis Generated
Mar 14, 2026 - 21:59 vuln.today
CVE Published
Jun 16, 2025 - 14:15 nvd
HIGH 7.8

DescriptionCVE.org

In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could execute code with SYSTEM privilege.

AnalysisAI

Privilege escalation vulnerability in Tenable Agent for Windows (versions prior to 10.8.5) that allows a non-administrative local user to execute arbitrary code with SYSTEM-level privileges. This is a local privilege escalation (LPE) vulnerability with high severity (CVSS 7.8) requiring only local access and low complexity exploitation. The vulnerability represents a critical risk in multi-user Windows environments where standard users could gain complete system control.

Technical ContextAI

The vulnerability exists in Tenable Agent, a endpoint detection and response (EDR) / vulnerability assessment agent deployed on Windows systems. The root cause is classified under CWE-276 (Incorrect Default Permissions), indicating improper access controls on a critical system resource or service. Tenable Agent typically runs with elevated privileges to perform system-level vulnerability scanning and monitoring. The vulnerability allows privilege escalation from a standard user context to SYSTEM, suggesting either: (1) an insecure service running as SYSTEM that can be exploited by unprivileged users, (2) improper file/registry permissions on agent components, or (3) insecure inter-process communication (IPC) mechanisms. The Local Attack Vector (AV:L) and Low Attack Complexity (AC:L) indicate the flaw is likely trivial to exploit once a user has local access—no special conditions or sophisticated techniques required. The vulnerability affects Windows deployments specifically, as the advisory explicitly mentions 'Windows host.'

RemediationAI

Immediate actions: (1) Upgrade Tenable Agent to version 10.8.5 or later on all Windows systems. Tenable has provided a patched version; deployment should be prioritized. (2) For systems that cannot be immediately patched, implement compensating controls: restrict local user access to systems running vulnerable Tenable Agent; disable or suspend non-essential local user accounts; use OS-level privilege policies to limit local user capability. (3) Monitor for exploitation attempts: audit local code execution events, system-level process spawning, and unexpected SYSTEM-context processes originating from standard user sessions. (4) Review Tenable advisories and security bulletins for detailed patch notes and deployment instructions. (5) Test patches in a non-production environment before widespread rollout to ensure compatibility with monitoring requirements. Recommend mandatory upgrade timeline: critical systems within 7 days, all systems within 30 days.

CVE-2025-36633 HIGH
8.8 Jun 13

Local privilege escalation vulnerability in Tenable Agent for Windows (versions prior to 10.8.5) that allows non-adminis

CVE-2025-36631 HIGH
8.4 Jun 13

Privilege escalation vulnerability in Tenable Agent for Windows (versions prior to 10.8.5) that allows non-administrativ

CVE-2020-5793 HIGH
7.8 Nov 05

A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows & Nessus Agent 8.0.0 and 8.1.0 for Windows could all

CVE-2021-3450 HIGH
7.4 Mar 25

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain.

CVE-2023-5847 HIGH
7.3 Nov 01

Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade t

CVE-2021-20118 MEDIUM
6.7 Sep 09

Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an auth

CVE-2021-20117 MEDIUM
6.7 Sep 09

Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an auth

CVE-2021-20077 MEDIUM
6.7 Mar 19

Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local h

CVE-2019-16168 MEDIUM
6.5 Sep 09

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missin

CVE-2026-2026 MEDIUM
6.1 Feb 13

Nessus Agent on Windows systems contains improper file permission controls that allow local authenticated users to trigg

Share

EUVD-2025-18396 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy