CVE-2025-36632
HIGHTenable Nessus Agent < 10.8.5 - Incorrect Default Permissions
Title source: ruleDescription
In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could execute code with SYSTEM privilege.
Scores
CVSS v3
7.8
EPSS
0.0002
EPSS Percentile
5.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Classification
CWE
CWE-276
Status
published
Affected Products (1)
tenable/nessus_agent
< 10.8.5
Timeline
Published
Jun 16, 2025
Tracked Since
Feb 18, 2026