Tenable Agent for Windows Vulnerability Let Attackers Login as Admin to Delete The System Files
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
Tenable, a prominent cybersecurity provider, has released version 10.8.5 of its Agent software to address three critical security vulnerabilities affecting Windows hosts running versions prior to 10.8.5.
These flaws, identified as CVE-2025-36631, CVE-2025-36632, and CVE-2025-36633, could allow non-administrative users to exploit SYSTEM-level privileges, potentially leading to severe system compromise or local privilege escalation.
Vulnerability Details
CVE-2025-36631: Arbitrary File Overwrite with SYSTEM Privileges
This vulnerability allows a non-administrative user to overwrite any local system file with log content at SYSTEM privilege.
CVE-2025-36632: Arbitrary Code Execution with SYSTEM Privileges
The second flaw permits a non-administrative user to execute arbitrary code at SYSTEM privilege, effectively granting them unrestricted control over the affected Windows host.
This could enable attackers to install malicious software, manipulate system processes, or gain persistent access to the system, posing a significant risk to organizational security.
CVE-2025-36633: Arbitrary File Deletion with SYSTEM Privileges
This vulnerability allows a non-administrative user to delete arbitrary local system files at SYSTEM privilege.
Such actions could lead to data loss, system instability, or the removal of critical security controls, potentially enabling local privilege escalation and further compromising the system.
Tenable has resolved these issues in Agent version 10.8.5, The company strongly recommends that users upgrade immediately to protect their systems.
Tenable emphasized its proactive approach to security, stating, “We prioritize rapid response to vulnerabilities and encourage timely patching to safeguard our customers.”
For vulnerability reporting, Tenable invites researchers to follow its Vulnerability Reporting Guidelines.
#Cyber_Security_News #Vulnerability
Оригинальная версия на сайте:
Tenable Agent for Windows Vulnerability Let Attackers Login as Admin to Delete The System Files
Author: Balaji NTenable, a prominent cybersecurity provider, has released version 10.8.5 of its Agent software to address three critical security vulnerabilities affecting Windows hosts running versions prior to 10.8.5.
These flaws, identified as CVE-2025-36631, CVE-2025-36632, and CVE-2025-36633, could allow non-administrative users to exploit SYSTEM-level privileges, potentially leading to severe system compromise or local privilege escalation.
Vulnerability Details
CVE-2025-36631: Arbitrary File Overwrite with SYSTEM Privileges
This vulnerability allows a non-administrative user to overwrite any local system file with log content at SYSTEM privilege.
CVE-2025-36632: Arbitrary Code Execution with SYSTEM Privileges
The second flaw permits a non-administrative user to execute arbitrary code at SYSTEM privilege, effectively granting them unrestricted control over the affected Windows host.
This could enable attackers to install malicious software, manipulate system processes, or gain persistent access to the system, posing a significant risk to organizational security.
CVE-2025-36633: Arbitrary File Deletion with SYSTEM Privileges
This vulnerability allows a non-administrative user to delete arbitrary local system files at SYSTEM privilege.
Such actions could lead to data loss, system instability, or the removal of critical security controls, potentially enabling local privilege escalation and further compromising the system.
Tenable has resolved these issues in Agent version 10.8.5, The company strongly recommends that users upgrade immediately to protect their systems.
Tenable emphasized its proactive approach to security, stating, “We prioritize rapid response to vulnerabilities and encourage timely patching to safeguard our customers.”
For vulnerability reporting, Tenable invites researchers to follow its Vulnerability Reporting Guidelines.
#Cyber_Security_News #Vulnerability
Оригинальная версия на сайте:
