Tenable has recently disclosed significant security vulnerabilities in its Nessus vulnerability scanner, particularly affecting Windows systems. These flaws, present in all Nessus versions prior to 10.8.5, pose substantial risks, including potential privilege escalation attacks that could compromise system integrity.
Overview of Identified Vulnerabilities
The most critical of these vulnerabilities, designated as CVE-2025-36630, is specific to Windows installations of Nessus. This flaw allows non-administrative users to overwrite arbitrary local system files with log content at SYSTEM privilege level, effectively enabling privilege escalation. With a CVSSv3 base score of 8.4, this vulnerability is classified as high severity. The attack vector requires local access with low complexity, meaning an attacker with minimal privileges can exploit the flaw without user interaction. The scope is marked as Changed, indicating that the vulnerability can affect resources beyond its original security context. Security researcher Rishad Sheikh reported this issue to Tenable on May 10, 2025.
In addition to CVE-2025-36630, Tenable has addressed vulnerabilities in third-party components integral to Nessus’s functionality. The company has upgraded libxml2 to version 2.13.8 and libxslt to version 1.1.43 to remediate vulnerabilities CVE-2025-6021 and CVE-2025-24855, respectively.
– CVE-2025-6021: This vulnerability in the libxml2 component carries a CVSSv3 base score of 6.5. It requires network access and low-privilege credentials for exploitation.
– CVE-2025-24855: Found in the libxslt component, this flaw has a base score of 7.8. Exploitation requires local access with high attack complexity but no user privileges.
Notably, the fix for CVE-2025-6021 has been specifically backported into the libxml2 version 2.13.8 implementation within Nessus 10.8.5.
Implications for Organizations
These vulnerabilities represent a significant threat to organizations relying on Nessus for security assessments. The ability for non-administrative users to escalate privileges to SYSTEM level can lead to unauthorized access, data breaches, and potential system compromise. The vulnerabilities in third-party components further exacerbate the risk, as they can be exploited to execute arbitrary code or cause denial of service.
Mitigation Steps
Organizations using affected versions of Nessus should prioritize immediate updates to version 10.8.5 or 10.9.0, available through the Tenable Downloads Portal. The vulnerability disclosure timeline reveals efficient handling, with Tenable confirming the report within 18 days and releasing patches approximately two months after initial disclosure. System administrators should verify their current Nessus installations and implement the security updates during planned maintenance windows. Given the high-severity rating and potential for privilege escalation, organizations should treat these updates as critical security patches requiring expedited deployment across all Windows-based Nessus installations.
Broader Context
This disclosure underscores the importance of regular software updates and vigilant security practices. Vulnerability scanners like Nessus are essential tools for identifying and mitigating security risks. However, they themselves can become targets if not properly maintained. The rapid identification and remediation of these vulnerabilities by Tenable highlight the critical role of timely patch management in maintaining organizational security.
Conclusion
The recent vulnerabilities identified in Nessus for Windows serve as a stark reminder of the ever-evolving threat landscape. Organizations must remain proactive in updating and securing their systems to protect against potential exploits. By promptly applying the recommended updates and adhering to best security practices, organizations can mitigate the risks associated with these vulnerabilities and maintain the integrity of their security infrastructure.
