%20(1).webp?w=1600&resize=1600,900&ssl=1)
Tenable, a leading cybersecurity provider, has released Nessus version 10.8.5, addressing several high-severity vulnerabilities that could allow attackers to escalate privileges, execute code, and overwrite system files on Windows hosts.
These vulnerabilities, tracked as CVE-2025-36630, CVE-2025-6021, and CVE-2025-24855, affect Nessus versions 10.8.4 and earlier and have prompted urgent recommendations for users to update their deployments immediately.
Vulnerabilities and CVSS Scores
The newly patched vulnerabilities include:
- CVE-2025-36630: An improper privilege management flaw allowed a non-administrative user to overwrite arbitrary local system files with log content at SYSTEM privilege. This vulnerability carries a CVSSv3 base score of 8.4, indicating a high risk, and is described by the vector
AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H/E:P/RL:O/RC:C. - CVE-2025-6021: Addressed by backporting a fix to libxml2 v2.13.8, this vulnerability had a CVSSv3 base score of 6.5 and was related to third-party component exposure.
- CVE-2025-24855: Another high-severity issue, scored at 7.8, involved potential privilege escalation and code execution via the Nessus Agent on Windows hosts.
Tenable responded by updating critical third-party libraries: libxml2 to version 2.13.8 and libxslt to version 1.1.43, mitigating the identified risks.
Remediation Steps and Update Procedures
To address these vulnerabilities, Tenable has released both Nessus 10.8.5 and Nessus 10.9.0. Users are strongly advised to download and install the latest versions from the Tenable Downloads Portal.
The update process can be performed from any previously supported version, and administrators are encouraged to review release notes for additional enhancements and bug fixes.
Key commands for managing Nessus updates include:
bash# Update Nessus to the latest version
sudo /opt/nessus/sbin/nessuscli update
# Optimize configuration database (Nessus 10.9.0+)
sudo /opt/nessus/sbin/nessuscli system --config-optimization
Tenable also recommends enabling Early Access releases in the Nessus Update Plan for the timely adoption of security patches.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant updates
%20(1).webp?w=1200&resize=1200,0&ssl=1&description=These%20vulnerabilities,%20tracked%20as%20CVE-2025-36630,%20CVE-2025-6021,%20and%20CVE-2025-24855,%20affect%20Nessus%20versions%2010.8.4%20and%20earlier.){kind=link}