{"type":"rich","version":"1.0","provider_name":"Transistor","provider_url":"https://transistor.fm","author_name":"Daily Security Review","title":"Three CVEs, One Risk: Arbitrary Code Execution in Nessus Agent for Windows","html":"<iframe width=\"100%\" height=\"180\" frameborder=\"no\" scrolling=\"no\" seamless src=\"https://share.transistor.fm/e/d15baa3f\"></iframe>","width":"100%","height":180,"duration":2644,"description":"In this episode, we dive deep into one of the most critical attack techniques in modern cyber warfare: privilege escalation—and how it recently hit center stage with three high-severity vulnerabilities discovered in Tenable’s Nessus Agent for Windows. We break down CVE-2025-36631, CVE-2025-36632, and CVE-2025-36633, which, when exploited, allow a non-administrative user to gain SYSTEM-level access, execute arbitrary code, delete critical files, or overwrite system content. These vulnerabilities, patched in version 10.8.5 of Nessus Agent, represent a textbook example of how privilege escalation paves the way for arbitrary code execution (ACE) and potential ransomware deployment. In the second half of the episode, we unpack: 🛠️ What privilege escalation is, including vertical and horizontal types 📊 Real-world exploitation paths on Windows systems 🔐 Why tools like BloodHound, winPEAS, and PowerUp are favorites among threat actors 📉 The security impact of misconfigured services, overprivileged accounts, and weak registry settings ✅ And most importantly: what your organization can do to detect, prevent, and mitigate privilege escalation attacks before they spiral out of control. With privilege escalation playing a central role in everything from data breaches to ransomware infections, this episode is a must-listen for IT admins, security professionals, and anyone responsible for hardening their organization’s defenses. 🔄 Don't forget to patch your Nessus Agents, enforce least privilege, and audit your environments regularly.","thumbnail_url":"https://img.transistorcdn.com/pL79_MJFeJHamQ_ztImsGmDSMdl27VMk_30TAkieujE/rs:fill:0:0:1/w:400/h:400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS8yNzg5/ZjlhNzM5Y2M4Njli/NjkxNzgyODA2Nzhi/MDI2ZC5wbmc.webp","thumbnail_width":300,"thumbnail_height":300}