CVE-2025-36630 is a high-severity vulnerability affecting Tenable Nessus versions prior to 10.8.5 running on Windows hosts. The core issue is improper privilege management (CWE-269), where a non-administrative user can exploit the vulnerability to overwrite arbitrary local system files with log content at SYSTEM privilege level. This means that a user with limited permissions can escalate their privileges by manipulating Nessus's logging mechanism to write data to critical system files, potentially leading to system compromise. The vulnerability is local (AV:L), requires low attack complexity (AC:L), and limited privileges (PR:L), but no user interaction (UI:N). The scope is changed (S:C), indicating that the vulnerability affects resources beyond the initially compromised component. The impact is high on integrity (I:H) and availability (A:H), but no confidentiality impact (C:N). Although no known exploits are currently reported in the wild, the vulnerability's characteristics make it a significant risk if exploited. The lack of a patch link suggests that remediation may require updating to version 10.8.5 or later once available. This vulnerability highlights a critical flaw in how Nessus handles log file writing permissions on Windows, allowing privilege escalation through file overwrite attacks.

For European organizations, this vulnerability poses a serious risk, especially for those using Tenable Nessus for vulnerability management on Windows systems. Successful exploitation could allow an attacker with limited access to escalate privileges to SYSTEM level, leading to full control over the affected host. This could result in unauthorized modification or destruction of system files, disruption of security monitoring, and potential lateral movement within networks. Given Nessus's role in security posture management, compromising it could undermine an organization's ability to detect and respond to other threats, increasing overall risk exposure. Critical infrastructure, financial institutions, and enterprises with stringent compliance requirements in Europe could face operational disruptions, data integrity issues, and regulatory consequences if this vulnerability is exploited.

European organizations should prioritize upgrading Tenable Nessus installations to version 10.8.5 or later as soon as patches are available. Until then, restrict local user access on Windows hosts running Nessus to trusted administrators only, minimizing the risk of exploitation by non-privileged users. Implement strict file system permissions on Nessus log directories to prevent unauthorized write access. Employ application whitelisting and endpoint detection and response (EDR) solutions to monitor and block suspicious file modification activities. Regularly audit user privileges and Nessus configuration settings to ensure adherence to the principle of least privilege. Additionally, consider isolating Nessus scanning hosts from general user environments to reduce attack surface. Monitoring logs for unusual file overwrite attempts or privilege escalation indicators can provide early warning of exploitation attempts.