CVE-2025-36640: Local Privilege Escalation
Published Jan 13, 2026
A vulnerability has been identified in the installation/uninstallation of the Nessus Agent Tray App on Windows Hosts which could lead to escalation of privileges.
Affected Software
1 affected component
Tenable Nessus Agent Tray App
Remediation
Tenable has released Nessus Agent 11.0.3 and Nessus Agent 10.9.3 to address these issues. The installation files can be obtained from the Tenable Downloads Portal (https://www.tenable.com/downloads/nessus-agents).
Event History
Jan 13, 2026
03:05 PM: CVE Published (via MITRE)
03:05 PM: Data Sourced (via MITRE): Remedy, Description, Severity, Weakness
03:15 PM: Data Sourced (via NVD): Description, Severity, Weakness
Frequently Asked Questions
1. What is the severity of CVE-2025-36640?
CVE-2025-36640 has been classified as a medium severity vulnerability.
2. How do I fix CVE-2025-36640?
To remediate CVE-2025-36640, update the Nessus Agent Tray App to the latest version provided by Tenable.
3. What type of vulnerability is CVE-2025-36640?
CVE-2025-36640 is a local privilege escalation vulnerability affecting the installation/uninstallation process of the Nessus Agent Tray App.
4. Who is affected by CVE-2025-36640?
CVE-2025-36640 affects users of the Nessus Agent Tray App on Windows hosts.
5. What can an attacker do with CVE-2025-36640?
An attacker exploiting CVE-2025-36640 could escalate their privileges on affected Windows systems.