Platform: windows
Component: tenable-agent
Fixed in: 10.8.5
CVE-2025-36633 describes a privilege escalation vulnerability discovered in Tenable Agent for Windows. This flaw allows a non-administrative user to arbitrarily delete local system files with SYSTEM privileges, potentially leading to a significant compromise of the host system. The vulnerability affects Tenable Agent versions prior to 10.8.5. A fix is available in version 10.8.5.
The impact of CVE-2025-36633 is severe due to the potential for local privilege escalation. An attacker who can exploit this vulnerability can gain SYSTEM-level access to the affected Windows host. This allows them to install malware, steal sensitive data, modify system configurations, and potentially pivot to other systems on the network. The ability to delete arbitrary system files means the attacker could disrupt critical services or render the system unusable. This vulnerability shares similarities with other privilege escalation flaws where unexpected file permissions are exploited to gain elevated access.
CVE-2025-36633 was publicly disclosed on 2025-06-13. The vulnerability's severity is considered HIGH (CVSS: 8.8). As of this writing, there are no publicly available proof-of-concept exploits. It is not currently listed on the CISA KEV catalog, but its high severity warrants monitoring for potential exploitation.
Organizations heavily reliant on Tenable Agent for vulnerability scanning and compliance are at significant risk. Environments with limited user access controls or those running older, unpatched Tenable Agent installations are particularly vulnerable. Shared hosting environments where users have limited but potentially exploitable file system access also face increased risk.
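• windows / supply-chain:

```powershell
# Security event 4663 (object access) where the accessed object is a .dll under C:\
Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4663} |
    Where-Object { $_.Properties[1].Value -and $_.Properties[6].Value -match '^C:\\.*\.dll$' } |
    Select-Object TimeCreated,
        @{n='SubjectUserName'; e={$_.Properties[1].Value}},
        @{n='ProcessName'; e={$_.Properties[11].Value}}
```

• windows / supply-chain:

```powershell
# Scheduled tasks whose name contains "malicious"
Get-ScheduledTask | Where-Object {$_.TaskName -like "*malicious*"}
```

• windows / supply-chain:

```powershell
# Running processes whose name contains "tenableagent"
Get-Process | Where-Object {$_.ProcessName -like "*tenableagent*"}
```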
EPSS: 0.01% (3rd percentile)
The primary mitigation for CVE-2025-36633 is to upgrade Tenable Agent to version 10.8.5 or later. If an immediate upgrade is not feasible due to compatibility issues or testing requirements, consider implementing stricter file system permissions to limit the ability of non-administrative users to delete critical system files. While not a direct fix, this can reduce the potential impact of a successful exploit. Monitor system logs for unusual file deletion activity. After upgrading, confirm the fix by attempting to execute a file deletion command as a non-administrative user; the operation should be denied.
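One way to monitor for the unusual file deletion activity mentioned above, as an added example (not code from the original page or from Tenable). It assumes object-access auditing is enabled, that the deletion shows up under the agent's own process, and that the directory names in `$AgentRoots` and the sample events are hypothetical placeholders; the `*tenableagent*` pattern is the one the page uses.

```powershell
# Added example; not code from the page or from Tenable.
# Assumptions: object-access auditing is on, so Security event 4663 is logged;
# the agent process path matches '*tenableagent*' (pattern taken from the page);
# $AgentRoots holds hypothetical placeholders for the agent's own directories.
$AgentRoots = @('C:\PLACEHOLDER\AgentInstall', 'C:\PLACEHOLDER\AgentData')
$DeleteBit  = 0x10000   # DELETE right in the 4663 AccessMask field

function Find-AgentDelete {
    param([Parameter(ValueFromPipeline)][string]$EventXml)
    process {
        $evt = ([xml]$EventXml).Event
        $d = @{}
        foreach ($n in $evt.EventData.Data) { $d[$n.Name] = $n.'#text' }

        $mask    = [Convert]::ToInt32($d['AccessMask'], 16)   # logged as hex, e.g. 0x10000
        $target  = [string]$d['ObjectName']
        $inRoots = @($AgentRoots | Where-Object { $target.StartsWith("$_\", 'OrdinalIgnoreCase') }).Count -gt 0
        # Report delete access by the agent process that lands outside its own directories
        if ($d['ProcessName'] -like '*tenableagent*' -and ($mask -band $DeleteBit) -and -not $inRoots) {
            [pscustomobject]@{
                Time    = $evt.System.TimeCreated.SystemTime
                User    = $d['SubjectUserName']
                Process = $d['ProcessName']
                Deleted = $target
            }
        }
    }
}

# Constructed sample events (trimmed to the fields used); not real log data.
function New-SampleEvent($object) {
@"
<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>
  <System><EventID>4663</EventID><TimeCreated SystemTime='2025-01-01T00:00:00Z'/></System>
  <EventData>
    <Data Name='SubjectUserName'>HOST01`$</Data>
    <Data Name='ObjectName'>$object</Data>
    <Data Name='AccessMask'>0x10000</Data>
    <Data Name='ProcessName'>C:\PLACEHOLDER\AgentInstall\tenableagent.exe</Data>
  </EventData>
</Event>
"@
}

New-SampleEvent 'C:\Windows\System32\example.dll'      | Find-AgentDelete   # target outside the agent directories
New-SampleEvent 'C:\PLACEHOLDER\AgentData\tmp\old.log' | Find-AgentDelete   # target inside an agent directory
# Live log: Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4663} | ForEach-Object { $_.ToXml() } | Find-AgentDelete
```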
Upgrade Tenable Agent to version 10.8.5 or later. This update fixes the vulnerability that allows non-administrative users to delete system files with SYSTEM privileges. The update can be performed through the Tenable control panel or by downloading the latest agent version from the Tenable website.
CVE-2025-36633 is a HIGH severity vulnerability in Tenable Agent for Windows affecting versions prior to 10.8.5. It allows non-admin users to delete system files with SYSTEM privileges, leading to potential local privilege escalation.
You are affected if you are running a Tenable Agent version prior to 10.8.5 on a Windows host. Check your installed version and upgrade if necessary.
Upgrade Tenable Agent to version 10.8.5 or later. If immediate upgrade is not possible, implement stricter file system permissions as a temporary workaround.
As of the current date, there are no publicly known active exploitation campaigns targeting CVE-2025-36633, but its high severity warrants vigilance.
Refer to the official Tenable security advisory for detailed information and updates regarding CVE-2025-36633: [https://www.tenable.com/security/advisories/CVE-2025-36633](https://www.tenable.com/security/advisories/CVE-2025-36633)