{"id":53961,"date":"2025-06-21T21:11:04","date_gmt":"2025-06-21T21:11:04","guid":{"rendered":""},"modified":"2025-07-08T17:26:32","modified_gmt":"2025-07-08T23:26:32","slug":"cve-2025-36631-critical-file-overwrite-vulnerability-in-tenable-agent","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-36631-critical-file-overwrite-vulnerability-in-tenable-agent\/","title":{"rendered":"CVE-2025-36631: Critical File Overwrite Vulnerability in Tenable Agent<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

The world of cybersecurity is an ever-evolving landscape, with new vulnerabilities being discovered regularly. Most recently, a critical vulnerability identified as CVE-2025-36631 has been identified in Tenable Agent versions prior to 10.8.5. This vulnerability allows non-administrative users to overwrite arbitrary local system files<\/a> with log content at SYSTEM privilege on a Windows host. This vulnerability is significant as it can lead to potential system<\/a> compromise or data leakage, putting sensitive data at risk.
\nIn this blog post, we delve into the details of this vulnerability, its potential impacts, and the steps that system administrators and cybersecurity professionals can take to mitigate its effects. Understanding the nature of this vulnerability is critical<\/a>, especially for organizations using affected versions of Tenable Agent.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-36631
\nSeverity: Critical (8.4)
\nAttack Vector: Local
\nPrivileges Required: None
\nUser Interaction: Required
\nImpact: System compromise and potential<\/a> data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n