CVE-2025-36630 | THREATINT

Description

In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.

PUBLISHED Reserved 2025-04-15 | Published 2025-07-01 | Updated 2025-07-02 | Assigner tenable

HIGH: 8.4CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

Problem types

CWE-269 Improper Privilege Management

Product status

Default status

affected

Any version before 10.8.5

affected

Credits

Rishad Sheikh - CVE-2025-36630 finder

References

www.tenable.com/security/tns-2025-13

cve.org (CVE-2025-36630)

nvd.nist.gov (CVE-2025-36630)

Download JSON