Home

Description

In Nessus versions prior to 10.8.4, a non-authenticated attacker could alter Nessus logging entries by manipulating http requests to the application.

PUBLISHED Reserved 2025-04-15 | Published 2025-04-18 | Updated 2025-04-18 | Assigner tenable




MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Problem types

CWE-117: Improper Output Neutralization for Logs

Product status

Default status
affected

Any version before 10.8.4
affected

References

www.tenable.com/security/tns-2025-05

cve.org (CVE-2025-36625)

nvd.nist.gov (CVE-2025-36625)

Download JSON