High-Severity Tenable Vulnerability Scanner Bugs Fixed

Tenable has issued updates to address a trio of high-severity security issues impacting its Nessus vulnerability scanner for Windows.

The most severe of the flaws affecting Nessus Agent versions 10.8.4 and earlier is an improper privilege management vulnerability, tracked as CVE-2025-36633, which could be exploited to facilitate arbitrary system file deletion with SYSTEM privileges and subsequent local privilege escalation, according to Tenable.

Also fixed, Infosecurity Magazine reports, were an improper privilege management bug, tracked as CVE-2025-36631, which could enable arbitrary local system file overwriting with SYSTEM privileges, and an undisclosed defect, tracked as CVE-2025-36632, which could allow code execution with elevated privileges.

Organisations have been advised to update immediately to Nessus Agent version 10.8.5 to remediate the vulnerabilities, which have not yet been exploited in the wild.

Meanwhile, the U.S. National Vulnerability Database team was noted to still be reviewing the addressed Nessus Agent security issues.
Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
