CVE-2025-36640 identifies a vulnerability in the Tenable Nessus Agent Tray App specifically on Windows hosts, related to improper privilege management (CWE-269) during the installation or uninstallation process. The flaw allows a user with limited privileges (local access with low privileges) to escalate their privileges potentially to administrative or SYSTEM level. This escalation occurs because the installation/uninstallation routines do not adequately enforce privilege boundaries or secure the execution context, allowing unauthorized privilege elevation. The affected versions include all Nessus Agent versions up to and including 11.0.0. The vulnerability was reserved in April 2025 and published in January 2026, with a CVSS 4.0 base score of 7.3, reflecting high severity. The vector metrics indicate local attack vector (AV:L), low attack complexity (AC:L), privileges required are low (PR:L), no user interaction (UI:N), and high impact on confidentiality, integrity, and availability (all high). No public exploits have been reported yet, but the potential for misuse exists given the critical role of Nessus Agent in vulnerability management and security monitoring. The lack of patch links suggests a patch may not yet be publicly available, emphasizing the need for vigilance and interim mitigations.

If exploited, this vulnerability could allow an attacker with limited local access to escalate privileges on Windows hosts running the Nessus Agent. This could lead to unauthorized access to sensitive system functions, modification or deletion of critical files, disabling of security controls, and potential lateral movement within the network. Given the Nessus Agent's role in vulnerability scanning and security monitoring, compromise could undermine an organization's security posture, allowing attackers to evade detection or manipulate vulnerability data. The impact extends to confidentiality, integrity, and availability of affected systems, potentially affecting enterprise environments, especially those relying heavily on Tenable's security tools. The absence of known exploits reduces immediate risk but does not eliminate the threat, as attackers may develop exploits once details become widely known. Organizations with large Windows deployments using Nessus Agent are particularly at risk, and the vulnerability could be leveraged in targeted attacks against critical infrastructure or high-value targets.

Organizations should immediately inventory their Windows hosts to identify Nessus Agent installations and verify versions. Until a patch is released, restrict local user permissions to prevent unauthorized installation or uninstallation of the Nessus Agent Tray App. Employ application whitelisting and endpoint protection controls to monitor and block unauthorized privilege escalation attempts. Use Windows security features such as User Account Control (UAC) and Group Policy to limit software installation rights to trusted administrators only. Monitor system logs for unusual installation or uninstallation activity related to the Nessus Agent. Coordinate with Tenable for timely updates and apply patches promptly once available. Consider isolating critical systems running Nessus Agent to reduce exposure. Additionally, review and harden the overall privilege management policies on Windows hosts to minimize the attack surface for privilege escalation vulnerabilities.