Warning: Critical Vulnerability (CVE-2025-36636) identified in Tenable Security Center, Patch Immediately!

Published: 09/10/2025

 

    * Last update:  09/10/2025
   
    * Affected software: Tenable Security Center versions prior to 6.7.0.
 
    * Type: Improper access control
 
    * CVE/CVSS: CVE-2025-36636: CVSS 10.0 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)

 

Sources

Tenable: https://www.tenable.com/cve/CVE-2025-36636
 

Risks

A critical vulnerability with a CVSS score of 10.0 has been identified in Tenable Security Center, a widely used vulnerability management platform.

An attacker could gain unauthorized access to sensitive areas of Tenable Security Center, with high impact across all 3 security dimensions: confidentiality, integrity, and availability.
 

Description

CVE-2025-36636 is an improper access control vulnerability in Tenable Security Center versions prior to 6.7.0 that allows an authenticated user to access areas outside of their authorized scope, potentially bypassing intended security restrictions.

The affected functionality is unknown. Manipulation with an unknown input leads to an access control vulnerability, in which the platform does not restrict, or incorrectly restricts, access to a resource by an unauthorized actor. Successful exploitation of the vulnerability could allow an attacker to launch attacks remotely.

Recommended Actions

 
Patch 

Tenable recommends upgrading to Tenable Security Center version 6.7.0 or later to remediate the vulnerability.

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
 
Monitor/Detect 

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
 
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
 
 

References

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-36636
Tenable: https://docs.tenable.com/release-notes/Content/security-center/2025.htm
Vuldb: https://vuldb.com/?id.327650