CVE-2025-36633 is a high-severity vulnerability affecting Tenable Agent versions prior to 10.8.5 on Windows hosts. The root cause is improper privilege management (CWE-269), where a non-administrative user can delete local system files with SYSTEM-level privileges. This vulnerability arises because the Tenable Agent improperly exposes privileged file deletion capabilities to users without administrative rights. Exploiting this flaw allows an attacker with limited local access to escalate their privileges to SYSTEM, the highest level on Windows, enabling full control over the affected machine. The vulnerability has a CVSS 3.1 base score of 8.8, reflecting high impact on confidentiality, integrity, and availability, with low attack complexity and no user interaction required. The scope is changed, meaning the vulnerability affects resources beyond the initially compromised component. Although no known exploits are currently reported in the wild, the ease of exploitation and severity make this a critical concern for organizations using Tenable Agent on Windows endpoints. The vulnerability can lead to unauthorized deletion of critical system files, potentially causing system instability, denial of service, or enabling further malicious activities such as persistence, data theft, or lateral movement within a network.

For European organizations, this vulnerability poses significant risks, especially those relying on Tenable Agent for vulnerability management and endpoint security. Successful exploitation could allow attackers to gain SYSTEM privileges on Windows hosts, undermining endpoint security controls and potentially compromising sensitive data. This can disrupt business operations, lead to data breaches, and damage organizational reputation. Critical infrastructure sectors, financial institutions, and government agencies in Europe that deploy Tenable Agent extensively are at heightened risk. The ability to escalate privileges locally could facilitate insider threats or be leveraged by malware and ransomware operators to gain deeper footholds. Additionally, the vulnerability could affect compliance with European data protection regulations such as GDPR if exploited to access or alter protected data. The absence of known exploits currently provides a window for mitigation, but the high severity and ease of exploitation necessitate urgent attention.

1. Immediate upgrade: Organizations should prioritize upgrading Tenable Agent to version 10.8.5 or later, where this vulnerability is fixed. 2. Restrict local access: Limit local user accounts on Windows hosts running Tenable Agent to only trusted personnel, reducing the attack surface for privilege escalation. 3. Implement application whitelisting and endpoint detection: Use endpoint protection solutions to monitor and block unauthorized attempts to delete system files or escalate privileges. 4. Harden system permissions: Review and tighten NTFS permissions on system files and directories to prevent unauthorized deletions, even if the agent is compromised. 5. Monitor logs: Enable detailed auditing of file deletions and privilege escalations on Windows hosts to detect suspicious activities early. 6. Network segmentation: Isolate critical systems running Tenable Agent to limit lateral movement in case of compromise. 7. Incident response readiness: Prepare playbooks for local privilege escalation incidents and conduct regular drills to ensure rapid containment. These steps go beyond generic patching advice by focusing on access control, monitoring, and layered defenses tailored to the nature of this vulnerability.