Skip to main content

CVE-2025-36633: CWE-269 Improper Privilege Management in Tenable Agent

High
VulnerabilityCVE-2025-36633cvecve-2025-36633cwe-269
Published: Fri Jun 13 2025 (06/13/2025, 14:21:04 UTC)
Source: CVE Database V5
Vendor/Project: Tenable
Product: Agent

Description

In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could arbitrarily delete local system files with SYSTEM privilege, potentially leading to local privilege escalation.

AI-Powered Analysis

AILast updated: 06/13/2025, 14:49:42 UTC

Technical Analysis

CVE-2025-36633 is a high-severity vulnerability affecting Tenable Agent versions prior to 10.8.5 on Windows hosts. The root cause is improper privilege management (CWE-269), where a non-administrative user can delete local system files with SYSTEM-level privileges. This vulnerability arises because the Tenable Agent improperly exposes privileged file deletion capabilities to users without administrative rights. Exploiting this flaw allows an attacker with limited local access to escalate their privileges to SYSTEM, the highest level on Windows, enabling full control over the affected machine. The vulnerability has a CVSS 3.1 base score of 8.8, reflecting high impact on confidentiality, integrity, and availability, with low attack complexity and no user interaction required. The scope is changed, meaning the vulnerability affects resources beyond the initially compromised component. Although no known exploits are currently reported in the wild, the ease of exploitation and severity make this a critical concern for organizations using Tenable Agent on Windows endpoints. The vulnerability can lead to unauthorized deletion of critical system files, potentially causing system instability, denial of service, or enabling further malicious activities such as persistence, data theft, or lateral movement within a network.

Potential Impact

For European organizations, this vulnerability poses significant risks, especially those relying on Tenable Agent for vulnerability management and endpoint security. Successful exploitation could allow attackers to gain SYSTEM privileges on Windows hosts, undermining endpoint security controls and potentially compromising sensitive data. This can disrupt business operations, lead to data breaches, and damage organizational reputation. Critical infrastructure sectors, financial institutions, and government agencies in Europe that deploy Tenable Agent extensively are at heightened risk. The ability to escalate privileges locally could facilitate insider threats or be leveraged by malware and ransomware operators to gain deeper footholds. Additionally, the vulnerability could affect compliance with European data protection regulations such as GDPR if exploited to access or alter protected data. The absence of known exploits currently provides a window for mitigation, but the high severity and ease of exploitation necessitate urgent attention.

Mitigation Recommendations

1. Immediate upgrade: Organizations should prioritize upgrading Tenable Agent to version 10.8.5 or later, where this vulnerability is fixed. 2. Restrict local access: Limit local user accounts on Windows hosts running Tenable Agent to only trusted personnel, reducing the attack surface for privilege escalation. 3. Implement application whitelisting and endpoint detection: Use endpoint protection solutions to monitor and block unauthorized attempts to delete system files or escalate privileges. 4. Harden system permissions: Review and tighten NTFS permissions on system files and directories to prevent unauthorized deletions, even if the agent is compromised. 5. Monitor logs: Enable detailed auditing of file deletions and privilege escalations on Windows hosts to detect suspicious activities early. 6. Network segmentation: Isolate critical systems running Tenable Agent to limit lateral movement in case of compromise. 7. Incident response readiness: Prepare playbooks for local privilege escalation incidents and conduct regular drills to ensure rapid containment. These steps go beyond generic patching advice by focusing on access control, monitoring, and layered defenses tailored to the nature of this vulnerability.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
tenable
Date Reserved
2025-04-15T21:50:46.277Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 684c36f0a8c9212743809716

Added to database: 6/13/2025, 2:34:24 PM

Last enriched: 6/13/2025, 2:49:42 PM

Last updated: 7/30/2025, 4:17:21 PM

Views: 12

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats