CVE-2025-36640 is a vulnerability classified under CWE-269 (Improper Privilege Management) affecting the Tenable Nessus Agent Tray App on Windows hosts. The flaw exists in the installation and uninstallation processes of the Tray App, which can be exploited by an attacker who already has limited privileges (low-level privileges) on the system to escalate their privileges to a higher level. This escalation could allow the attacker to execute code or perform actions with elevated rights, potentially compromising the system's confidentiality, integrity, and availability. The CVSS v4.0 score of 7.3 reflects a high severity, with an attack vector limited to local access (AV:L), low attack complexity (AC:L), and requiring privileges (PR:L) but no user interaction (UI:N). The vulnerability impacts multiple security properties (VC:H, VI:H, VA:H) and has a high scope (S:H), indicating that the exploit could affect resources beyond the initially compromised component. The affected versions include all Nessus Agent versions up to 11.0.0. Although no public exploits have been reported yet, the nature of the vulnerability suggests that it could be leveraged in targeted attacks or insider threat scenarios. The vulnerability was reserved in April 2025 and published in January 2026, indicating a recent disclosure. The lack of available patches at the time of reporting necessitates immediate mitigation steps to reduce exposure. Given the widespread use of Tenable Nessus Agent in enterprise environments for vulnerability management, this vulnerability poses a significant risk if exploited.

For European organizations, the impact of CVE-2025-36640 could be substantial, especially for those relying heavily on Tenable Nessus Agent for vulnerability scanning and security posture management. Successful exploitation could allow attackers to gain elevated privileges on Windows hosts, potentially leading to unauthorized access to sensitive data, disruption of security monitoring capabilities, and lateral movement within networks. This could undermine the integrity of security operations and increase the risk of further compromise. Critical infrastructure sectors such as finance, energy, healthcare, and government agencies in Europe are particularly at risk due to their reliance on robust vulnerability management tools and the sensitive nature of their data. The high severity and scope of the vulnerability mean that even a single exploited host could compromise broader network segments. Additionally, regulatory frameworks like GDPR impose strict requirements on data protection, and a breach facilitated by this vulnerability could lead to significant legal and financial consequences. The absence of known exploits currently provides a window for proactive defense, but the potential for rapid weaponization remains a concern.

1. Immediate mitigation should focus on restricting local access to systems running the Nessus Agent Tray App, ensuring that only trusted administrators have the necessary privileges to install or uninstall software. 2. Implement strict role-based access controls (RBAC) and limit the use of privileged accounts on affected Windows hosts. 3. Monitor logs and system events for unusual installation or uninstallation activities related to the Nessus Agent Tray App. 4. Employ application whitelisting to prevent unauthorized execution of installation or uninstallation binaries. 5. Until a patch is released, consider temporarily disabling the Nessus Agent Tray App where feasible or isolating affected systems from critical network segments. 6. Stay informed on Tenable’s advisories and apply patches immediately once available. 7. Conduct internal audits to identify all systems running vulnerable versions and prioritize them for remediation. 8. Enhance endpoint detection and response (EDR) capabilities to detect privilege escalation attempts. 9. Educate IT staff about the vulnerability and the importance of maintaining least privilege principles. 10. Review and update incident response plans to include scenarios involving local privilege escalation via security tools.