Updates have been issued by Tenable to address a trio of high-severity security issues impacting its Nessus vulnerability scanner for Windows, reports Infosecurity Magazine.
Most severe of the flaws affecting Nessus Agent versions 10.8.4 and earlier is the improper privilege management vulnerability, tracked as CVE-2025-36633, which could be exploited to facilitate arbitrary system file deletion with SYSTEM privileges and subsequent local privilege escalation, according to Tenable. Also fixed were the improper privilege management bug, tracked as CVE-2025-36631, which could enable arbitrary local system file overwriting with SYSTEM privileges, and the undisclosed defect, tracked as CVE-2025-36632, which could allow code execution with elevated privileges. Organizations have been recommended to immediately adopt Nessus Agent version 10.8.5 to remediate the vulnerabilities, which have not yet been exploited in the wild. Meanwhile, the U.S. National Vulnerability Database team was noted to still be in the process of reviewing the addressed Nessus Agent security issues.
Most severe of the flaws affecting Nessus Agent versions 10.8.4 and earlier is the improper privilege management vulnerability, tracked as CVE-2025-36633, which could be exploited to facilitate arbitrary system file deletion with SYSTEM privileges and subsequent local privilege escalation, according to Tenable. Also fixed were the improper privilege management bug, tracked as CVE-2025-36631, which could enable arbitrary local system file overwriting with SYSTEM privileges, and the undisclosed defect, tracked as CVE-2025-36632, which could allow code execution with elevated privileges. Organizations have been recommended to immediately adopt Nessus Agent version 10.8.5 to remediate the vulnerabilities, which have not yet been exploited in the wild. Meanwhile, the U.S. National Vulnerability Database team was noted to still be in the process of reviewing the addressed Nessus Agent security issues.
