10.8.5
CVE-2025-36630 describes a privilege escalation vulnerability discovered in Tenable Nessus versions prior to 10.8.5 running on Windows hosts. This flaw allows a non-administrative user to overwrite arbitrary local system files with log content, effectively gaining SYSTEM-level privileges. Affected versions include Nessus 0 through 10.8.4. A patch is available in version 10.8.5.
The impact of this vulnerability is significant. A successful exploit allows a low-privileged user to gain complete control over the affected Windows system. Attackers could install malware, modify system configurations, steal sensitive data, or establish a persistent foothold within the network. The ability to overwrite arbitrary system files at SYSTEM privilege represents a critical escalation of privileges, enabling widespread compromise. This vulnerability shares similarities with other file overwrite exploits where attackers leverage unexpected file access permissions to gain elevated control.
CVE-2025-36630 was publicly disclosed on July 1, 2025. The vulnerability's severity is considered HIGH (CVSS 8.4). Currently, there are no known public exploits or active campaigns targeting this vulnerability. It is not listed on the CISA KEV catalog as of this writing. The availability of a patch mitigates the immediate risk, but diligent monitoring and patching practices remain essential.
Organizations running Tenable Nessus for vulnerability scanning on Windows systems are at risk. Environments with shared user accounts or where non-administrative users have elevated privileges are particularly vulnerable. Legacy Nessus installations that have not been regularly patched are also at increased risk.
• windows / supply-chain:
Get-Process -Name Nessus | Select-Object -ExpandProperty ProcessId• windows / supply-chain:
Get-WinEvent -LogName Security -Filter "EventID = 4663 and SubjectUserName!=''" | Where-Object {$_.Properties[0].Value -like "*Nessus*"} | Format-List SubjectUserName, ProcessName, ProcessId• windows / supply-chain:
Get-ItemProperty -Path 'HKLM:\SOFTWARE\Tenable\Nessus' -Name Versiondisclosure
エクスプロイト状況
EPSS
0.02% (6% パーセンタイル)
CISA SSVC
CVSS ベクトル
The primary mitigation is to immediately upgrade Tenable Nessus to version 10.8.5 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. Restricting write access to Nessus log directories for non-administrative users can limit the potential for file overwrites. Monitor system logs for unusual file modification activity, particularly within Nessus-related directories. Implement a Web Application Firewall (WAF) with rules to detect and block attempts to manipulate file paths or content within the Nessus application. After upgrading, confirm the fix by attempting to execute a non-administrative user account and verifying that file overwrites are blocked.
Actualice Nessus a la versión 10.8.5 o posterior. Esta actualización corrige la vulnerabilidad que permite a usuarios no administrativos sobrescribir archivos del sistema con privilegios SYSTEM. La actualización se puede realizar a través de la interfaz de Nessus o descargando el instalador más reciente desde el sitio web de Tenable.
脆弱性分析と重要アラートをメールでお届けします。
CVE-2025-36630 is a HIGH severity vulnerability affecting Tenable Nessus versions 0-10.8.4 on Windows, allowing non-admin users to overwrite system files with log content, gaining SYSTEM privileges.
You are affected if you are running Tenable Nessus versions 0 through 10.8.4 on a Windows host. Upgrade to version 10.8.5 or later to resolve the issue.
Upgrade Tenable Nessus to version 10.8.5 or later. As a temporary workaround, restrict write access to Nessus log directories for non-administrative users.
As of July 1, 2025, there are no known public exploits or active campaigns targeting CVE-2025-36630.
Refer to the official Tenable security advisory for CVE-2025-36630 on the Tenable website (https://www.tenable.com/security-advisories).