CVE-2025-36640Improper Privilege Management in Nessus Agent

CWE-269Improper Privilege Management4 documents4 sources
Severity
7.3HIGHNVD
EPSS
0.0%
top 98.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Tenable Nessus Agent
Timeline
PublishedJan 13

Description

A vulnerability has been identified in the installation/uninstallation of the Nessus Agent Tray App on Windows Hosts which could lead to escalation of privileges.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected Packages1 packages

CVEListV5tenable/nessus_agent11.0.011.0.2+1

🔴Vulnerability Details

2
GHSA
GHSA-jq82-2wxc-46mm: A vulnerability has been identified in the installation/uninstallation of the Nessus Agent Tray App on Windows Hosts which could lead to escalation of2026-01-13
CVEList
Local Privilege Escalation2026-01-13

🕵️Threat Intelligence

1
Wiz
CVE-2025-36640 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2025-36640 — Improper Privilege Management | cvebase