CVE-2025-36631 | THREATINT

Description

In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.

PUBLISHED Reserved 2025-04-15 | Published 2025-06-13 | Updated 2025-06-13 | Assigner tenable

HIGH: 8.4CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

Problem types

CWE-269 Improper Privilege Management

Product status

Default status

affected

Any version before 10.8.5

affected

References

www.tenable.com/security/tns-2025-11

cve.org (CVE-2025-36631)

nvd.nist.gov (CVE-2025-36631)

Download JSON