CVE-2025-36632 in Tenable

Summary

by MITRE • 06/16/2025

In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could execute code with SYSTEM privilege.

Analysis

by VulDB Data Team • 10/22/2025

The vulnerability identified as CVE-2025-36632 represents a critical privilege escalation flaw within Tenable Agent software running on Windows operating systems. This issue affects all versions prior to 10.8.5 and fundamentally undermines the security model of the agent by allowing low-privilege users to execute arbitrary code with the highest system privileges. The flaw exists in the agent's privilege handling mechanisms, creating an unauthorized access vector that could be exploited by malicious actors or compromised accounts within the network.

The vulnerability stems from improper privilege validation within the Tenable Agent's Windows service architecture. When a non-administrative user interacts with certain agent functions, the system fails to properly verify the user's privilege level before executing sensitive operations. This misconfiguration allows privilege escalation through a combination of insufficient access controls and inadequate privilege separation mechanisms. The vulnerability operates at the kernel level where process privileges are not properly enforced, creating a pathway for users to gain SYSTEM-level access without proper authentication or authorization. The flaw specifically manifests when the agent processes user input or executes administrative functions, bypassing standard Windows privilege checking routines.

The operational impact of CVE-2025-36632 extends beyond simple privilege escalation, as it fundamentally compromises the integrity of the Windows host security model. An attacker exploiting this vulnerability could gain complete control over the affected system, enabling them to install malware, modify system files, access sensitive data, or establish persistence mechanisms. This vulnerability is particularly dangerous in enterprise environments where Tenable agents are deployed across multiple systems for network monitoring and vulnerability assessment. The ability to execute code with SYSTEM privileges provides attackers with unrestricted access to the entire system, including the capability to bypass endpoint protection solutions and evade detection by security monitoring systems. The vulnerability also poses significant risk to compliance requirements, as it could enable unauthorized access to protected data and compromise audit trails.

Organizations should immediately implement mitigation strategies including upgrading Tenable Agent installations to version 10.8.5 or later, which contains the necessary patches to address the privilege escalation flaw. Network segmentation and privilege minimization should be enforced to reduce the potential impact of exploitation, while monitoring systems should be enhanced to detect suspicious privilege escalation activities. Security teams should conduct comprehensive vulnerability assessments to identify all systems running affected Tenable Agent versions and implement immediate remediation measures. The vulnerability aligns with CWE-276, which addresses improper privilege management in software systems, and maps to ATT&CK technique T1068, which covers privilege escalation through exploitation of software vulnerabilities. Additional defensive measures include implementing application whitelisting policies, disabling unnecessary agent services, and conducting regular security audits to ensure proper privilege enforcement mechanisms are in place.
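The inventory step above can be scripted. The following is an added example, not code from Tenable or VulDB: it flags Windows hosts whose Tenable Agent version is lower than 10.8.5. The CSV column names (host, os, product, version) and all sample rows are constructed assumptions; adapt them to your own asset inventory export.

```python
import csv
import io
import re

FIXED = (10, 8, 5)  # first fixed Tenable Agent version named on this page

# Constructed sample inventory export; columns and hosts are assumptions.
SAMPLE_INVENTORY = """\
host,os,product,version
ws-001,Windows 11,Tenable Agent,10.8.4
ws-002,Windows 10,Tenable Agent,10.8.5
srv-003,Windows Server 2022,Tenable Agent,10.8.10
srv-004,Ubuntu 22.04,Tenable Agent,10.7.3
ws-005,Windows 11,Tenable Agent,10.8
ws-006,Windows 11,Tenable Agent,unknown
ws-007,Windows 11,Other Product,1.0.0
"""

def parse_version(text):
    """Return a numeric tuple padded to three parts, or None if unparseable."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    parts = [int(p) for p in text.split(".")]
    parts += [0] * (3 - len(parts))
    return tuple(parts)

def triage(inventory_csv):
    """Split Windows Tenable Agent hosts into vulnerable / needs-review lists."""
    vulnerable, review = [], []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["product"].strip().lower() != "tenable agent":
            continue
        if "windows" not in row["os"].lower():
            continue  # the CVE description is scoped to Windows hosts
        version = parse_version(row["version"])
        if version is None:
            review.append(row["host"])  # cannot prove the host is patched
        elif version < FIXED:  # numeric compare, so 10.8.10 is newer than 10.8.5
            vulnerable.append(row["host"])
    return vulnerable, review

if __name__ == "__main__":
    vulnerable, review = triage(SAMPLE_INVENTORY)
    print("upgrade to 10.8.5 or later:", vulnerable)
    print("version unknown, check manually:", review)
```

Versions are compared as integer tuples because a plain string comparison would rank 10.8.10 below 10.8.5 and wrongly report a patched host as vulnerable.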

Responsible: Tenable
Reservation: 04/15/2025
Disclosure: 06/16/2025
Moderation: accepted
CPE: ready
EPSS: 0.00063
KEV: no
Activities: very low
