Tenable, a prominent cybersecurity provider, has released version 10.8.5 of its Agent software to address three critical security vulnerabilities affecting Windows hosts running versions prior to 10.8.5.These flaws, identified as CVE-2025-36631, CVE-2025-36632, and CVE-2025-36633, could allow non-administrative users to exploit SYSTEM-level privileges, potentially leading to severe system compromise or local privilege escalation.**Vulnerability Details**————————-### **[CVE-2025-36631](https://www.tenable.com/cve/CVE-2025-36631): Arbitrary File Overwrite with SYSTEM Privileges**This vulnerability allows a non-administrative user to overwrite any local system file with log content at SYSTEM privilege.By manipulating log outputs, an attacker could corrupt critical system files, disrupt operations, or create conditions for further exploitation, such as planting malicious files or altering system configurations.### **[CVE-2025-36632](https://www.tenable.com/cve/CVE-2025-36632): Arbitrary Code Execution with SYSTEM Privileges**The second flaw permits a non-administrative user to execute arbitrary code at SYSTEM privilege, effectively granting them unrestricted control over the affected Windows host.This could enable attackers to install malicious software, manipulate system processes, or gain persistent access to the system, posing a significant risk to organizational security.### **[CVE-2025-36633](https://www.tenable.com/cve/CVE-2025-36633): Arbitrary File Deletion with SYSTEM Privileges**This vulnerability allows a non-administrative user to delete arbitrary local system files at SYSTEM privilege.Such actions could lead to data loss, system instability, or the removal of critical security controls, potentially enabling local privilege escalation and further compromising the system.[Tenable has resolved](https://www.tenable.com/security/tns-2025-11) these issues in Agent version 10.8.5, The company strongly recommends that users upgrade immediately to protect their systems.Tenable emphasized its proactive approach to security, stating, ‘We prioritize rapid response to vulnerabilities and encourage timely patching to safeguard our customers.’For vulnerability reporting, Tenable invites researchers to follow its [Vulnerability Reporting Guidelines](https://www.tenable.com/security).****Automate threat response with ANY.RUN’s TI Feeds—Enrich alerts and block malicious IPs across all endpoints** –> [**Request full access**](https://intelligence.any.run/plans?utm_source=csn_jun&utm_medium=article&utm_campaign=free-vs-paid-ti-feeds&utm_content=plans&utm_term=100625)**The post [Tenable Agent for Windows Vulnerability Let Attackers Login as Admin to Delete The System Files](https://cybersecuritynews.com/tenable-agent-for-windows-vulnerability/) appeared first on [Cyber Security News](https://cybersecuritynews.com).
Related Tags:
CVE-2025-36633
NAICS: 54 – Professional
Scientific
Technical Services
NAICS: 334 – Computer And Electronic Product Manufacturing
NAICS: 541 – Professional
Scientific
Technical Services
NAICS: 518 – Computing Infrastructure Providers
Data Processing
Web Hosting
Related Services
NAICS: 33 – Manufacturing – Metal
Electronics And Other
NAICS: 51 – Information
Blog: Cybersecurity News
Search Closed Sources: Threat Intel Vendors
Associated Indicators: