Tenable Nessus 2025 Release Notes
Plugin Releases
For information about recent changes to Tenable Nessus plugins, see the Plugin Release Notes.
Tenable Nessus 10.9.4 (2025-09-24)


The following are supported platform updates made in Tenable Nessus 10.9.4:
-
Added support for macOS Tahoe.

-
Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.
-
If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.
- You can upgrade to the latest version of Tenable Nessus from any previously supported version.
- If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
- If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
- If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.
Tenable Nessus 10.8.6 (2025-09-24)


The following are supported platform updates made in Tenable Nessus 10.8.6:
-
Added support for macOS Tahoe.

-
Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.
-
If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.
- You can upgrade to the latest version of Tenable Nessus from any previously supported version.
- If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
- If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
- If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.
(Early Access) Tenable Nessus 10.10.0 (2025-09-23)
Note: This version of Tenable Nessus is an Early Access release. To opt in to Early Access, contact your Tenable representative or configure the Nessus Update Plan in the user interface.

The following are the new features included in Tenable Nessus 10.10.0:
-
Added a global timeout setting to define the maximum duration for a host scan.
-
Added support for the upcoming software and plugin updates via scanner profiles for Tenable Vulnerability Management-linked scanners.
-
Added support for the upcoming Tenable Vulnerability Management plugin download concurrency feature.
-
Added support for the upcoming CPU resource limit setting for Tenable Agents, which will be configurable via agent profiles in Tenable Nessus Manager.

The following enhancements are included in Tenable Nessus 10.10.0:
-
In clustered environments, child nodes now report human-readable scan names instead of UUIDs for running scans to improve visibility.
-
The migration process from Tenable Nessus Manager to Tenable Vulnerability Management now includes triggered scans and their configured triggers.
-
When copying a triggered agent scan, Tenable Nessus Manager now includes the scan's history.
-
The main navigation menu is now resizable for an improved user experience.
-
Added a new API endpoint that allows you to export all Tenable Agent data in a single request.
-
For scanners on Linux systems, the command line output for nessuscli fetch --scanner-health-stats now includes heap memory statistics.
-
Improved the diagnostic packet capture feature to include support for ICMP and other IP-based protocols.
-
Added the ability to enforce TLS 1.3 for communications via the ssl_mode advanced setting.
-
Disabled the ability to export scan data and audit files in trial versions of Tenable Nessus.
-
Removed Terrascan from Tenable Nessus Essentials, Professional, Expert, and trials.

Bug Fix | Defect ID |
---|---|
Fixed an issue where scan result emails showed incorrect vulnerability counts. |
02183925, 02290412 |
Fixed an issue that prevented users with appropriate permissions from generating certain scan reports. |
02194357 |
Fixed an issue where agent scan policies ignored the plugin family lock setting. |
02192072 |
Improved the reliability of nessuscli fix commands by ensuring the database is fully initialized before the commands can run. | 02191308 |
Fixed an issue that allowed duplicate linking keys in Tenable Nessus Manager, ensuring keys are unique to prevent agent linking conflicts. |
02257892 |
Fixed the Safe Mode agent list filter. | 02286697 |
Improved the functionality of nessusd.exe during the installation process to prevent installation failures on Windows. | 02299766, 02301221, 02316698, 02304622 |

The following are supported platform updates made in Tenable Nessus 10.10.0:
-
Added support for macOS Tahoe.

-
Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.
-
If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.
- You can upgrade to the latest version of Tenable Nessus from any previously supported version.
- If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
- If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
- If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.
Tenable Nessus 10.9.3 (2025-08-14)

-
Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.
-
If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.
- You can upgrade to the latest version of Tenable Nessus from any previously supported version.
- If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
- If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
- If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.
Tenable Nessus 10.9.2 (2025-07-30)


-
Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.
-
If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.
- You can upgrade to the latest version of Tenable Nessus from any previously supported version.
- If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
- If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
- If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.
Tenable Nessus 10.9.1 (2025-07-09)

-
Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.
-
If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.
- You can upgrade to the latest version of Tenable Nessus from any previously supported version.
- If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
- If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
- If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.
Tenable Nessus 10.9.0 (2025-06-30)

The following are the new features included in Tenable Nessus 10.9.0:
-
Enabled triggered agent scans in Tenable Nessus Manager.
Triggered agent scanning requires additional disk space. For more information, see Hardware Requirements.
-
Enabled web application scanning functionality for Tenable Nessus instances in air-gapped/offline environments.
-
Added support for declaring agent versions for Tenable Nessus Manager agent profiles in air-gapped/offline environments.
-
Added agent safe mode status reporting to Tenable Nessus Manager.
-
Enabled support for SSH session plugin reuse.
This feature will require opt-in when plugins supporting SSH connection reuse are released.

The following enhancements are included in Tenable Nessus 10.9.0:
-
Introduced the nessuscli system --config-optimization command, which optimizes the size and structure of the global configuration database.
-
Updated the nessuscli update command to support the --agent-version parameter.
-
Changed the debug report format to .zip.
-
Optimized full plugin set compilations.
-
Removed unnecessary permissions of Tenable Nessus binaries for non-root and non-administrators.
-
Added a user interface element to indicate which web application scanning image tag is being used by Tenable Nessus.
-
Added the --fedcloud parameter to link Tenable Vulnerability Management-managed scanners to FedRAMP environments.
-
Added a user interface icon to indicate when credentials fail or succeed in credentialed scans.
-
The nessuscli health and status report now includes DNS and rDNS failure counts.

The following are security updates included in Tenable Nessus 10.9.0:
-
Tenable Nessus 10.9.0 contains all security fixes released in Tenable Nessus 10.8.5.

Bug Fix | Defect ID | Applies to |
---|---|---|
Corrected service logging on Windows to prevent pop-up messages from incorrectly stating that Tenable Nessus could not be stopped. | 02073932 | All versions of Tenable Nessus on Windows |
Improved performance when filtering agents by cluster node. | 02067421 | Tenable Nessus Manager |
Fixed an issue that caused some plugin severities to unexpectedly change to Info-level. | 02155712, 02103788 | All versions of Tenable Nessus |
Fixed an issue that caused scanner instability when processing large XML strings. | 02140860 | All versions of Tenable Nessus |
Fixed an issue that caused plugin detail locales to download incorrectly. | 02106575, 02231844, 02232657 | All versions of Tenable Nessus |
Fixed an issue where the last checked available versions did not refresh in the user interface. | 02078242 | All versions of Tenable Nessus |
Fixed an issue by no longer including the /backups directory by default. | 01780874, 01797307 | All versions of Tenable Nessus |
Improved error handling for policy requests to the parent node during initialization. | 01559616 | Tenable Nessus Manager |
Fixed an issue on managed scanners where the Audit Trail Verbosity scan setting appeared twice and could not be set. | 02136378 | All versions of Tenable Nessus |
Fixed an issue where scan-generated targets were occasionally skipped. | 02167709 | All versions of Tenable Nessus |
Fixed an issue that allowed multiple user accounts to be created on a single instance of Tenable Nessus Expert, Tenable Nessus Professional, and Tenable Nessus Essentials. | Tenable Nessus Expert, Tenable Nessus Professional, and Tenable Nessus Essentials |

The following are supported platform updates made in Tenable Nessus 10.9.0:
-
Added support for Fedora 41 and 42.
-
Added support for Windows Server 2025.

-
Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.
-
If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.
- You can upgrade to the latest version of Tenable Nessus from any previously supported version.
- If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
- If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
- If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.
Tenable Nessus 10.8.5 (2025-06-30)

The following are security updates included in Tenable Nessus 10.8.5:
-
Updated libxml2 to version 2.13.8.
-
Backported the fix for CVE-2025-6021 into libxml2 2.13.8.
-
-
Updated libxslt to version 1.1.43.
-
Fixed vulnerabilities in which an attacker could escalate privileges by abusing symlinks before installing Tenable Agent on Windows.
For more information, see the Tenable Product Security Advisory.

-
Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.
-
If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.
- You can upgrade to the latest version of Tenable Nessus from any previously supported version.
- If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
- If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
- If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.
Tenable Nessus 10.8.4 (2025-04-17)

The following are security updates included in Tenable Nessus 10.8.4:
-
Fixed a security issue in which the X-Forwarded-For header could be used to manipulate data on the Tenable Nessus scanner.
-
Addressed an issue where Tenable Nessus failed to set ACLs for the optional custom installation directory chosen during the Windows installation process.
-
Addressed an issue where Tenable Nessus could appropriately log ANSI escape characters.
-
Updated libxml2 to version 2.13.7.
-
Updated expat to version 2.7.0.
For more information, see the Tenable Product Security Advisory.

Bug Fix | Applies to |
---|---|
Addressed an issue in the Windows MSI installer that allowed a user to permanently disable Tenable Nessus if the installation was canceled in a custom (non-default) directory with overly-broad permissions. | All versions of Tenable Nessus on Windows |

-
Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.
-
If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.
- You can upgrade to the latest version of Tenable Nessus from any previously supported version.
- If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
- If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
- If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.