Tenable Fixes Three High-Severity Flaws in Nessus

Cybersecurity provider Tenable has released patches for three vulnerabilities in Nessus, its vulnerability scanner.

The high-severity vulnerabilities can allow privilege escalation, code execution and the overwriting of arbitrary files.

The three flaws affect versions 10.8.4 and earlier of Nessus Agent, also known as Tenable Agent, on Windows hosts.

They are tracked as follows:

• CVE-2025-36631: an improper privilege management issue can lead a non-administrative user to overwrite arbitrary local system files with log content at ‘System’ privilege (CVSSv3.1 score: 8.4)
• CVE-2025-36632: an undisclosed issue can lead a non-administrative user to execute code with ‘System’ privilege (CVSSv3.0 score: 7.8)
• CVE-2025-36633: an improper privilege management could lead a non-administrative user to arbitrarily delete local system files with ‘System’ privilege, potentially leading to local privilege escalation (CVSSv3.1 score: 8.8)

The CVE records of the three vulnerabilities in the US National Vulnerability Database (NVD) are marked as “Received,” suggesting that the NVD team has not yet fully analyzed and enriched them.

Tenable has released Agent 10.8.5 to address these issues. Users can find this patched version on the Tenable Downloads Portal.

While there is no indication that these vulnerabilities are being actively exploited, the company recommends that users update their deployments as soon as possible.

Photo credits: MacroEcon/Piotr Swat/Shutterstock

Read now: SentinelOne Warns Cybersecurity Vendors of Chinese Attacks