Tenable.ad < 3.77.12 Multiple Vulnerabilities (TNS-2025-14)
Description

The version of Tenable.ad installed on the remote host is prior to 3.77.12. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2025-14 advisory.

Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the thread/process. (CVE-2025-5399)

Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network. (CVE-2025-30399)

libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks. (CVE-2025-4947)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

File data…