CVE-2025-36630: CWE-269 Improper Privilege Management in Tenable Nessus

High
Published: Tue Jul 01 2025 (07/01/2025, 23:11:13 UTC)
Source: CVE Database V5
Vendor/Project: Tenable
Product: Nessus

Description

In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.

AI-Powered Analysis

Last updated: 07/01/2025, 23:39:35 UTC

Technical Analysis

CVE-2025-36630 is a high-severity vulnerability affecting Tenable Nessus versions prior to 10.8.5 running on Windows hosts. The core issue is improper privilege management (CWE-269): a non-administrative user can overwrite arbitrary local system files with log content at SYSTEM privilege level. A user with limited permissions can therefore escalate privileges by manipulating Nessus's logging mechanism to write data to critical system files, potentially leading to system compromise. The attack vector is local (AV:L), attack complexity is low (AC:L), low privileges are required (PR:L), and no user interaction is needed (UI:N). The scope is changed (S:C), indicating that the vulnerability affects resources beyond the initially vulnerable component. The impact is high on integrity (I:H) and availability (A:H), with no confidentiality impact (C:N). Although no known exploits are currently reported in the wild, the vulnerability's characteristics make it a significant risk if exploited. The lack of a patch link suggests that remediation may require updating to version 10.8.5 or later once available. This vulnerability highlights a critical flaw in how Nessus handles log file writing permissions on Windows, allowing privilege escalation through file overwrite attacks.

Potential Impact

For European organizations, this vulnerability poses a serious risk, especially for those using Tenable Nessus for vulnerability management on Windows systems. Successful exploitation could allow an attacker with limited access to escalate privileges to SYSTEM level, leading to full control over the affected host. This could result in unauthorized modification or destruction of system files, disruption of security monitoring, and potential lateral movement within networks. Given Nessus's role in security posture management, compromising it could undermine an organization's ability to detect and respond to other threats, increasing overall risk exposure. Critical infrastructure, financial institutions, and enterprises with stringent compliance requirements in Europe could face operational disruptions, data integrity issues, and regulatory consequences if this vulnerability is exploited.

Mitigation Recommendations

European organizations should prioritize upgrading Tenable Nessus installations to version 10.8.5 or later as soon as patches are available. Until then, restrict local user access on Windows hosts running Nessus to trusted administrators only, minimizing the risk of exploitation by non-privileged users. Implement strict file system permissions on Nessus log directories to prevent unauthorized write access. Employ application whitelisting and endpoint detection and response (EDR) solutions to monitor and block suspicious file modification activities. Regularly audit user privileges and Nessus configuration settings to ensure adherence to the principle of least privilege. Additionally, consider isolating Nessus scanning hosts from general user environments to reduce attack surface. Monitoring logs for unusual file overwrite attempts or privilege escalation indicators can provide early warning of exploitation attempts.


Technical Details

Data Version: 5.1
Assigner Short Name: tenable
Date Reserved: 2025-04-15T21:50:46.277Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68646e2d6f40f0eb7290c91d

Added to database: 7/1/2025, 11:24:29 PM

Last enriched: 7/1/2025, 11:39:35 PM

Last updated: 7/2/2025, 4:56:25 AM
