CVE-2025-36633
BaseFortify
Publication date: 2025-06-13
Last updated on: 2025-10-23
Assigner: Tenable Network Security, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tenable | nessus_agent | up to 10.8.5 (exclusive) |
| microsoft | windows | * |
Exploitability
| CWE ID | Description |
|---|---|
| NVD-CWE-noinfo | |
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Tenable Agent versions prior to 10.8.5 on Windows hosts allows a non-administrative user to arbitrarily delete local system files with SYSTEM privilege. This means that a user without administrative rights can remove critical system files, which can lead to local privilege escalation. [1]
How can this vulnerability impact me?
The vulnerability can allow a non-administrative user to delete important system files with SYSTEM privileges, potentially leading to local privilege escalation. This means an attacker could gain higher-level access on the affected system, compromising system integrity, confidentiality, and availability. [1]
What immediate steps should I take to mitigate this vulnerability?
Upgrade Tenable Nessus Agent on Windows hosts to version 10.8.5 or later, as this version addresses CVE-2025-36633 along with other critical vulnerabilities. This upgrade mitigates the risk of non-administrative users arbitrarily deleting local system files with SYSTEM privileges. [1]