CVE-2025-36625 – This vulnerability allows unauthenticated attac... (How to Fix)

Q: What is the severity of CVE-2025-36625?

CVE-2025-36625 has a CVSS score of 4.3 (MEDIUM). This vulnerability allows unauthenticated attackers to manipulate Nessus logging entries by sending specially crafted HTTP requests. It affects Nessus installations running versions before 10.8.4. The impact is limited to log manipulation rather than system compromise.

📋 TL;DR

This vulnerability allows unauthenticated attackers to manipulate Nessus logging entries by sending specially crafted HTTP requests. It affects Nessus installations running versions before 10.8.4. The impact is limited to log manipulation rather than system compromise.

💻 Affected Systems

Products:

Tenable Nessus

Versions: All versions prior to 10.8.4

Operating Systems: All supported platforms

Default Config Vulnerable: ⚠️ Yes

Notes: Affects all Nessus deployments regardless of configuration.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

Review the CVE details at NVD
Check vendor security advisories for your specific version
Test if the vulnerability is exploitable in your environment
Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could tamper with audit logs to hide malicious activity, potentially obscuring evidence of other attacks or creating false log entries.

🟠

Likely Case

Log integrity is compromised, making forensic investigations unreliable and potentially hiding low-level reconnaissance activities.

🟢

If Mitigated

With proper network segmentation and access controls, impact is limited to log manipulation without system access.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires sending HTTP requests to the Nessus web interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.8.4

Vendor Advisory: https://www.tenable.com/security/tns-2025-05

Restart Required: Yes

Instructions:

1. Download Nessus 10.8.4 from Tenable portal. 2. Stop Nessus service. 3. Install the update. 4. Restart Nessus service.

🔧 Temporary Workarounds

Network Access Restriction

all

Restrict access to Nessus web interface to trusted IP addresses only.

🧯 If You Can't Patch

Implement strict network segmentation to limit access to Nessus web interface
Enable comprehensive logging at network perimeter to detect manipulation attempts

🔍 How to Verify

Check if Vulnerable:

Check Nessus version via web interface or CLI. If version is below 10.8.4, system is vulnerable.

Check Version:

nessuscli --version

Verify Fix Applied:

Verify Nessus version is 10.8.4 or higher after update.

📡 Detection & Monitoring

Log Indicators:

Unexpected log entries, missing expected log entries, log timestamp anomalies

Network Indicators:

HTTP requests to Nessus web interface from untrusted sources

SIEM Query:

source="nessus" AND (http_method="POST" OR http_method="PUT") AND NOT src_ip IN [trusted_ips]

📊 Metadata

CVE ID: CVE-2025-36625

CVSS v3 Score: 4.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE: CWE-117

EPSS Score: 0.32% exploit probability (54.7th percentile)

Published: April 18, 2025

Last Updated: April 21, 2025

🔗 References

https://www.tenable.com/security/tns-2025-05

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-36625, you might also want to check these: