CVE-2025-36631

Summary

In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.

Affected Software

VendorProductVersion RangeStatus
TenableAgent0 < 10.8.5affected

Weaknesses

  • CWE-269: CWE-269 Improper Privilege Management

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References