CVE-2025-36633 is a vulnerability identified in Tenable Agent versions prior to 10.8.5 on Windows platforms. The root cause is improper privilege management (CWE-269), where a non-administrative user can exploit the agent's flawed permission handling to delete local system files with SYSTEM-level privileges. This deletion capability effectively allows local privilege escalation, enabling attackers to gain full control over the affected system. The vulnerability does not require user interaction and can be exploited with low complexity, as indicated by the CVSS vector (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). The scope is significant because it affects the confidentiality, integrity, and availability of the system, potentially allowing attackers to bypass security controls, manipulate critical files, or disrupt system operations. Although no public exploits have been reported yet, the severity and ease of exploitation make this a critical threat for organizations relying on Tenable Agent for security monitoring and vulnerability scanning. The vulnerability was reserved in April 2025 and published in June 2025, with no patch links provided in the initial disclosure, emphasizing the need for vigilance and prompt updates once patches are available.

The impact of CVE-2025-36633 is substantial for organizations using Tenable Agent on Windows hosts. Successful exploitation results in local privilege escalation from a non-administrative user to SYSTEM, granting attackers full control over the host. This can lead to unauthorized access to sensitive data, modification or deletion of critical system files, disruption of security monitoring, and potential lateral movement within the network. The compromise of SYSTEM privileges undermines the integrity and availability of affected systems, potentially causing operational downtime and data breaches. Organizations with large Windows-based environments and those relying heavily on Tenable Agent for endpoint security are at heightened risk. Additionally, attackers could leverage this vulnerability to disable security agents, evade detection, or establish persistent footholds, increasing the overall threat landscape severity.

To mitigate CVE-2025-36633, organizations should immediately upgrade Tenable Agent to version 10.8.5 or later once available, as this version addresses the improper privilege management issue. Until patches are applied, restrict local user permissions to the minimum necessary and audit user accounts for unnecessary privileges. Implement strict file system monitoring to detect unauthorized deletions or modifications of system files, especially those performed by non-administrative users. Employ endpoint detection and response (EDR) solutions to identify suspicious activities related to privilege escalation attempts. Additionally, conduct regular security assessments and penetration tests focusing on local privilege escalation vectors. Network segmentation and the principle of least privilege should be enforced to limit the potential impact of compromised hosts. Finally, maintain up-to-date backups to enable recovery from potential destructive actions resulting from exploitation.