Nessus Logging Manipulation Vulnerability in Tenable Software
CVE-2025-36625

Currently unrated

Key Information:

Vendor: Tenable
Status: Nessus
Vendor: CVE Published:; 18 April 2025

What is CVE-2025-36625?

A vulnerability in Nessus allows non-authenticated attackers to alter logging entries by crafting specific HTTP requests. This issue affects versions before 10.8.4, enabling unauthorized users to manipulate vital application logs, potentially obscuring malicious activities or altering security assessments. Maintaining proper input validation and securing logging mechanisms is crucial to mitigate such threats.

References

https://www.tenable.com/security/tns-2025-05

Timeline

Vulnerability published
Apr 18, 2025