Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN096
_____________________________________________________________________

DATE                : 29/01/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Nessus Network Monitor versions
                                   prior to 6.5.3.

=====================================================================
https://www.tenable.com/security/tns-2026-02
_____________________________________________________________________


Synopsis

Nessus Network Monitor leverages third-party software to help provide 
underlying functionality. Several of the third-party components 
(libxml2, libxslt, expat, c-ares, curl, sqlite) were found to contain 
vulnerabilities, and updated versions have been made available by the 
providers. 

Out of caution and in line with best practice, Tenable has opted to 
upgrade these components to address the potential impact of the 
issues. Nessus Network Monitor version 6.5.3 updates libxml2 to 
version 2.13.9, libxslt to version 1.1.45, expat to version 2.7.3, 
c-ares to version 1.34.6, curl to 8.17.0 and sqlite to version 3.49.0.


Solution

Tenable has released Tenable Network Monitor 6.5.3 to address these 
issues. The installation files can be obtained from the Tenable 
Downloads Portal 
(https://www.tenable.com/downloads/nessus-network-monitor).


Additional References
https://docs.tenable.com/release-notes/Content/network-monitor/2026.htm#653


This page contains information regarding security vulnerabilities that 
may impact Tenable's products. This may include issues specific to our 
software, or due to the use of third-party libraries within our 
software. Tenable strongly encourages users to ensure that they 
upgrade or apply relevant patches in a timely manner.

Tenable takes product security very seriously. If you believe you have 
found a vulnerability in one of our products, we ask that you please 
work with us to quickly resolve it in order to protect customers. 
Tenable believes in responding quickly to such reports, maintaining 
communication with researchers, and providing a solution in short 
order.

For more details on submitting vulnerability information, please see 
our Vulnerability Reporting Guidelines page.

If you have questions or corrections about this advisory, please email 
[email protected]


Risk Information
CVE ID: CVE-2025-6021
CVE-2025-49794
CVE-2025-49796
CVE-2025-10911
CVE-2025-7425
CVE-2025-11731
CVE-2024-8176
CVE-2025-59375
CVE-2025-62408
CVE-2025-31498
CVE-2025-4947
CVE-2025-5025
CVE-2025-10148
CVE-2025-10966
CVE-2025-13034
CVE-2025-14017
CVE-2025-14524
CVE-2025-14819
CVE-2025-15079
CVE-2025-15224
CVE-2023-7104
CVE-2024-0232

Tenable Advisory ID: TNS-2026-02
Risk Factor: High
CVSSv3 Base / Temporal Score:
6.5 / 5.9 (CVE-2025-6021)
8.8 / 7.7 (CVE-2025-49794)
8.8 / 7.7 (CVE-2025-49796)
6.5 / 5.7 (CVE-2025-10911)
6.8 / 5.9 (CVE-2025-7425)
3.1 / 2.7 (CVE-2025-11731)
6.5 / 5.7 (CVE-2024-8176)
6.5 / 5.9 (CVE-2025-59375)
5.9 / 5.2 (CVE-2025-62408)
7.0 / 6.1 (CVE-2025-31498)
6.5 / 5.9 (CVE-2025-4947)
4.8 / 4.3 (CVE-2025-5025)
5.3 / 4.6 (CVE-2025-10148)
4.3 / 3.9 (CVE-2025-10966)
5.9 / 5.2 (CVE-2025-13034)
6.3 / 5.5 (CVE-2025-14017)
5.3 / 4.8 (CVE-2025-14524)
5.3 / 4.6 (CVE-2025-14819)
5.3 / 4.8 (CVE-2025-15079)
3.1 / 2.8 (CVE-2025-15224)
7.3 / 6.6 (CVE-2023-7104)
5.5 / 5.0 (CVE-2024-0232)

CVSSv3 Vector:
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C (CVE-2025-6021)
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C (CVE-2025-49794)
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C (CVE-2025-49796)
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C (CVE-2025-10911)
AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C (CVE-2025-7425)
AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C (CVE-2025-11731)
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C (CVE-2024-8176)
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C (CVE-2025-59375)
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C (CVE-2025-62408)
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C (CVE-2025-31498)
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C (CVE-2025-4947)
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C (CVE-2025-5025)
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C (CVE-2025-10148)
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C (CVE-2025-10966)
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C (CVE-2025-13034)
AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C (CVE-2025-14017)
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C (CVE-2025-14524)
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C (CVE-2025-14819)
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C (CVE-2025-15079)
AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C (CVE-2025-15224)
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C (CVE-2023-7104)
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C (CVE-2024-0232)


Affected Products
Nessus Network Monitor 6.5.2 and earlier

Advisory Timeline
2026-01-27 - [R1] Initial Release


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================