CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-36630 – Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2025-36630
01 Jul 2025 — In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege. En versiones de Tenable Nessus anteriores a 10.8.5 en un host Windows, se descubrió que un usuario no administrativo podía sobrescribir archivos arbitrarios del sistema local con contenido de registro con privilegio SYSTEM. • https://www.tenable.com/security/tns-2025-13 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-36632 – Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2025-36632
16 Jun 2025 — In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could execute code with SYSTEM privilege. • https://www.tenable.com/security/tns-2025-11 • CWE-276: Incorrect Default Permissions •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-36631 – Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2025-36631
13 Jun 2025 — In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege. • https://www.tenable.com/security/tns-2025-11 • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-36633 – Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2025-36633
13 Jun 2025 — In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could arbitrarily delete local system files with SYSTEM privilege, potentially leading to local privilege escalation. • https://www.tenable.com/security/tns-2025-11 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24917 – Improper Access Control leads to Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2025-24917
23 May 2025 — In Tenable Network Monitor versions prior to 6.5.1 on a Windows host, it was found that a non-administrative user could stage files in a local directory to run arbitrary code with SYSTEM privileges, potentially leading to local privilege escalation. • https://www.tenable.com/security/tns-2025-10 • CWE-284: Improper Access Control •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24916 – Improper Access Control leads to Local Priviledge Escalation
https://notcve.org/view.php?id=CVE-2025-24916
23 May 2025 — When installing Tenable Network Monitor to a non-default location on a Windows host, Tenable Network Monitor versions prior to 6.5.1 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. • https://www.tenable.com/security/tns-2025-10 • CWE-284: Improper Access Control •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-36625 – Log Poisoning in Nessus
https://notcve.org/view.php?id=CVE-2025-36625
18 Apr 2025 — In Nessus versions prior to 10.8.4, a non-authenticated attacker could alter Nessus logging entries by manipulating http requests to the application. En versiones de Nessus anteriores a 10.8.4, un atacante no autenticado podría alterar las entradas de registro de Nessus manipulando las solicitudes http a la aplicación. • https://www.tenable.com/security/tns-2025-05 • CWE-117: Improper Output Neutralization for Logs •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24914 – Local Priviledge Escalation
https://notcve.org/view.php?id=CVE-2025-24914
18 Apr 2025 — When installing Nessus to a non-default location on a Windows host, Nessus versions prior to 10.8.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. - CVE-2025-24914 Al instalar Nessus en una ubicación no predeterminada en un host Windows, las versiones de Nessus anteriores a la 10.8.4 no aplicaban permisos seguros a los subdirectorios. Esto podía permitir la escalada de ... • https://www.tenable.com/security/tns-2025-05 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24915
https://notcve.org/view.php?id=CVE-2025-24915
21 Mar 2025 — When installing Nessus Agent to a non-default location on a Windows host, Nessus Agent versions prior to 10.8.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. • https://www.tenable.com/security/tns-2025-02 • CWE-276: Incorrect Default Permissions •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0760 – Stored Credential Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-0760
25 Feb 2025 — A Credential Disclosure vulnerability exists where an administrator could extract the stored SMTP account credentials due to lack of encryption. • https://www.tenable.com/security/tns-2025-01 • CWE-522: Insufficiently Protected Credentials •