CVE-2025-36640 is a vulnerability classified under CWE-269 (Improper Privilege Management) affecting the Tenable Nessus Agent Tray App on Windows hosts. The flaw arises during the installation or uninstallation processes of the Tray App, where insufficient privilege checks allow users with limited rights to escalate their privileges. This escalation could enable unauthorized access to sensitive system functions or data, undermining system security. The vulnerability affects Nessus Agent versions from initial releases up to 11.0.0. The CVSS 4.0 vector (AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P) indicates that the attack requires local access with low privileges, no user interaction, and partial authentication, but results in high impact on confidentiality, integrity, and availability. While no public exploits have been reported, the vulnerability's nature makes it a significant risk, especially in environments where Nessus Agents are widely deployed for vulnerability management. The improper privilege management could be exploited by malicious insiders or attackers who have gained limited access to escalate privileges and potentially compromise the host system. This vulnerability highlights the importance of secure installation routines and strict privilege enforcement in security tools themselves, as they are often trusted components within enterprise environments.

For European organizations, the impact of CVE-2025-36640 can be substantial. Nessus Agent is widely used across Europe for vulnerability scanning and security posture management, particularly in sectors like finance, government, healthcare, and critical infrastructure. A successful privilege escalation attack could allow adversaries to gain administrative control over Windows hosts, leading to unauthorized access to sensitive data, disruption of security monitoring, and potential lateral movement within networks. This could compromise confidentiality, integrity, and availability of critical systems. Given the high CVSS score and the fact that the vulnerability does not require user interaction, attackers with limited local access could exploit this flaw to bypass security controls. This risk is exacerbated in environments with many endpoints running Nessus Agent, increasing the attack surface. The vulnerability could also undermine trust in security tools, complicating incident response and compliance efforts under regulations such as GDPR and NIS Directive. Organizations may face operational disruptions, data breaches, and regulatory penalties if this vulnerability is exploited.

To mitigate CVE-2025-36640, European organizations should implement the following specific measures: 1) Immediately audit and restrict local user permissions on Windows hosts to minimize the number of users with installation or uninstallation rights for the Nessus Agent Tray App. 2) Monitor and log installation and uninstallation activities of the Nessus Agent to detect unauthorized privilege escalation attempts. 3) Apply the official patches or updates from Tenable as soon as they become available; in the meantime, consider temporarily disabling the Tray App if feasible. 4) Employ application whitelisting and endpoint protection solutions to prevent unauthorized execution of installation/uninstallation binaries. 5) Conduct regular vulnerability assessments focusing on privilege escalation vectors within endpoint security tools. 6) Educate system administrators and security teams about this vulnerability to ensure prompt detection and response. 7) Isolate critical systems and limit local administrative access to reduce the impact of potential exploitation. 8) Review and harden Group Policy Objects (GPOs) related to software installation rights on Windows endpoints. These targeted actions go beyond generic advice by focusing on controlling the specific attack vector and monitoring the affected component.