Tenable recently released important security patches for the Nessus Agent, addressing several high-severity vulnerabilities that could allow local users to escalate privileges, overwrite or delete files, or execute arbitrary code with elevated privileges. The most recent fixes are included in Nessus Agent version 10.8.5, released in June 2025.
Nessus Agent is a lightweight endpoint security application developed by Tenable that extends vulnerability scanning to assets that are difficult or impossible to reach with traditional network-based scans. It is designed to provide comprehensive visibility and coverage across endpoints, remote assets, and transient devices—such as laptops, virtual machines, or systems that are not always connected to the network.
Nessus Agents are installed on target systems (Windows, macOS, Linux). Once installed and registered with a Tenable management platform, they perform scheduled or on-demand scans locally. Results are transmitted back to the manager for centralized analysis and reporting.
Key Vulnerabilities Fixed
The following vulnerabilities were addressed in Nessus Agent version 10.8.5:
| CVE ID | Severity (CVSS v3.1) | Description |
|---|---|---|
| CVE-2025-36631 | 8.4 (High) | Allows non-administrative users to overwrite arbitrary local system files with log content as SYSTEM. |
| CVE-2025-36632 | 7.8 (High) | Allows non-administrative users to execute arbitrary code with SYSTEM privileges. |
| CVE-2025-36633 | 8.8 (High) | Allows non-administrative users to arbitrarily delete local system files with SYSTEM privileges. |
Successful exploitation of these vulnerabilities could result in local privilege escalation on affected Windows systems running Nessus Agent versions 10.8.4 and earlier.
Additional Security Improvements
Other recent updates addressed issues such as:
• Fixing improper privilege management and symlink handling that could be abused by local users.
• Updating third-party libraries (e.g., libxml2, expat) to patch potential vulnerabilities.
• Ensuring proper ACLs are set during custom installations on Windows.
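As an added example (not Tenable's code, and not taken from the advisory above), the following PowerShell script performs the two checks an administrator would want after reading this: it confirms the installed Nessus Agent is at or above the fixed version 10.8.5, and it audits the agent's install directory for ACL entries that grant write, modify or delete rights to broad principals such as Everyone or BUILTIN\Users, the kind of weak ACL the last bullet refers to. It assumes the agent's uninstall registry entry has a DisplayName containing "Nessus Agent", and the install directory path is a placeholder you must replace with the real one; the list of broad principals is also an assumption that you can extend for your environment.

```powershell
# Added example, not Tenable's code: check Nessus Agent version and install-directory ACLs.
# Assumptions: the uninstall entry's DisplayName contains "Nessus Agent"; $InstallDir is a
# placeholder to be replaced with the agent's real install directory; $BroadPrincipals is a
# starting list of identities that should never hold write rights on a SYSTEM service's files.

$FixedVersion = [version]'10.8.5'                 # fixed version named in the advisory
$InstallDir   = 'C:\PLACEHOLDER\Nessus Agent'     # placeholder: set to the real install directory

$BroadPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Rights that let a principal create, replace or remove files (the primitives behind the
# overwrite/delete issues in the table above), plus rights that let it change the ACL itself.
$WriteRights = [System.Security.AccessControl.FileSystemRights]::WriteData -bor
               [System.Security.AccessControl.FileSystemRights]::AppendData -bor
               [System.Security.AccessControl.FileSystemRights]::Delete -bor
               [System.Security.AccessControl.FileSystemRights]::DeleteSubdirectoriesAndFiles -bor
               [System.Security.AccessControl.FileSystemRights]::WriteAttributes -bor
               [System.Security.AccessControl.FileSystemRights]::WriteExtendedAttributes -bor
               [System.Security.AccessControl.FileSystemRights]::ChangePermissions -bor
               [System.Security.AccessControl.FileSystemRights]::TakeOwnership -bor
               [System.Security.AccessControl.FileSystemRights]::Modify -bor
               [System.Security.AccessControl.FileSystemRights]::FullControl

function Get-NessusAgentVersion {
    # Look up the installed version from the standard Uninstall keys (64-bit and WOW6432Node).
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*Nessus Agent*' } |   # assumption: DisplayName wording
        Select-Object -First 1 -ExpandProperty DisplayVersion
}

function Test-WeakInstallAcl {
    # Return every Allow ACE on $Path that gives a broad principal any write-class right.
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Install directory '$Path' not found; set `$InstallDir to the real path."
        return @()
    }

    $acl = Get-Acl -LiteralPath $Path
    $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($BroadPrincipals -contains $_.IdentityReference.Value) -and
        (([int]$_.FileSystemRights -band [int]$WriteRights) -ne 0)
    } | ForEach-Object {
        [pscustomobject]@{
            Path      = $Path
            Identity  = $_.IdentityReference.Value
            Rights    = $_.FileSystemRights
            Inherited = $_.IsInherited
        }
    }
}

# 1. Version check against the advisory's fixed release.
$installed = Get-NessusAgentVersion
if (-not $installed) {
    Write-Output 'Nessus Agent not found in the Uninstall registry keys.'
} elseif ([version]$installed -lt $FixedVersion) {
    Write-Output "Nessus Agent $installed is older than $FixedVersion: update required."
} else {
    Write-Output "Nessus Agent $installed is at or above $FixedVersion."
}

# 2. ACL check on the install directory.
$findings = @(Test-WeakInstallAcl -Path $InstallDir)
if ($findings.Count -gt 0) {
    Write-Output "Broad write access found on $InstallDir (review and tighten these entries):"
    $findings | Format-Table -AutoSize
} else {
    Write-Output "No broad write access found on $InstallDir."
}
```

Run it from an elevated PowerShell session so that Get-Acl can read the directory's security descriptor. The ACL check only inspects the top-level directory; extend it with Get-ChildItem -Recurse if you want to cover log and data subdirectories, which is where file-overwrite and file-delete issues typically matter. ACEs expressed with generic rights (large negative integers in FileSystemRights) will not match the flag mask above and should be reviewed by hand.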