Tenable Nessus 2025 Release Notes
Important: You currently cannot install Tenable Nessus on macOS 15.6 due to a known issue. Tenable is working with Apple to resolve the issue.
Plugin Releases
For information about recent changes to Tenable Nessus plugins, see the Plugin Release Notes.
Tenable Nessus 10.9.3 (2025-08-14)

-
Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.
-
If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.
- You can upgrade to the latest version of Tenable Nessus from any previously supported version.
- If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
- If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
- If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.
Tenable Nessus 10.9.2 (2025-07-30)


-
Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.
-
If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.
- You can upgrade to the latest version of Tenable Nessus from any previously supported version.
- If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
- If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
- If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.
Tenable Nessus 10.9.1 (2025-07-09)

-
Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.
-
If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.
- You can upgrade to the latest version of Tenable Nessus from any previously supported version.
- If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
- If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
- If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.
Tenable Nessus 10.9.0 (2025-06-30)

The following are the new features included in Tenable Nessus 10.9.0:
-
Enabled triggered agent scans in Tenable Nessus Manager.
Triggered agent scanning requires additional disk space. For more information, see Hardware Requirements.
-
Enabled web application scanning functionality for Tenable Nessus instances in air-gapped/offline environments.
-
Added support for declaring agent versions for Tenable Nessus Manager agent profiles in air-gapped/offline environments.
-
Added agent safe mode status reporting to Tenable Nessus Manager.
-
Enabled support for SSH session plugin reuse.
This feature will require opt-in when plugins supporting SSH connection reuse are released.

The following enhancements are included in Tenable Nessus 10.9.0:
-
Introduced the nessuscli system --config-optimization command, which optimizes the size and structure of the global configuration database.
-
Updated the nessuscli update command to support the --agent-version parameter.
-
Changed the debug report format to .zip.
-
Optimized full plugin set compilations.
-
Removed unnecessary permissions of Tenable Nessus binaries for non-root and non-administrators.
-
Added a user interface element to indicate which web application scanning image tag is being used by Tenable Nessus.
-
Added the --fedcloud parameter to link Tenable Vulnerability Management-managed scanners to FedRAMP environments.
-
Added a user interface icon to indicate when credentials fail or succeed in credentialed scans.
-
The nessuscli health and status report now includes DNS and rDNS failure counts.

The following are security updates included in Tenable Nessus 10.9.0:
-
Tenable Nessus 10.9.0 contains all security fixes released in Tenable Nessus 10.8.5.

Bug Fix | Defect ID | Applies to |
---|---|---|
Corrected service logging on Windows to prevent pop-up messages from incorrectly stating that Tenable Nessus could not be stopped. | 02073932 | All versions of Tenable Nessus on Windows |
Improved performance when filtering agents by cluster node. | 02067421 | Tenable Nessus Manager |
Fixed an issue that caused some plugin severities to unexpectedly change to Info-level. | 02155712, 02103788 | All versions of Tenable Nessus |
Fixed an issue that caused scanner instability when processing large XML strings. | 02140860 | All versions of Tenable Nessus |
Fixed an issue that caused plugin detail locales to download incorrectly. | 02106575, 02231844, 02232657 | All versions of Tenable Nessus |
Fixed an issue where the last checked available versions did not refresh in the user interface. | 02078242 | All versions of Tenable Nessus |
Fixed an issue by no longer including the /backups directory by default. | 01780874, 01797307 | All versions of Tenable Nessus |
Improved error handling for policy requests to the parent node during initialization. | 01559616 | Tenable Nessus Manager |
Fixed an issue on managed scanners where the Audit Trail Verbosity scan setting appeared twice and could not be set. | 02136378 | All versions of Tenable Nessus |
Fixed an issue where scan-generated targets were occasionally skipped. | 02167709 | All versions of Tenable Nessus |
Fixed an issue that allowed multiple user accounts to be created on a single instance of Tenable Nessus Expert, Tenable Nessus Professional, and Tenable Nessus Essentials. | Tenable Nessus Expert, Tenable Nessus Professional, and Tenable Nessus Essentials |

The following are supported platform updates made in Tenable Nessus 10.9.0:
-
Added support for Fedora 41 and 42.
-
Added support for Windows Server 2025.

-
Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.
-
If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.
- You can upgrade to the latest version of Tenable Nessus from any previously supported version.
- If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
- If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
- If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.
Tenable Nessus 10.8.5 (2025-06-30)

The following are security updates included in Tenable Nessus 10.8.5:
-
Updated libxml2 to version 2.13.8.
-
Backported the fix for CVE-2025-6021 into libxml2 2.13.8.
-
-
Updated libxslt to version 1.1.43.
-
Fixed vulnerabilities in which an attacker could escalate privileges by abusing symlinks before installing Tenable Agent on Windows.
For more information, see the Tenable Product Security Advisory.

-
Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.
-
If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.
- You can upgrade to the latest version of Tenable Nessus from any previously supported version.
- If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
- If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
- If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.
Tenable Nessus 10.8.4 (2025-04-17)

The following are security updates included in Tenable Nessus 10.8.4:
-
Fixed a security issue in which the X-Forwarded-For header could be used to manipulate data on the Tenable Nessus scanner.
-
Addressed an issue where Tenable Nessus failed to set ACLs for the optional custom installation directory chosen during the Windows installation process.
-
Addressed an issue where Tenable Nessus could appropriately log ANSI escape characters.
-
Updated libxml2 to version 2.13.7.
-
Updated expat to version 2.7.0.
For more information, see the Tenable Product Security Advisory.

Bug Fix | Applies to |
---|---|
Addressed an issue in the Windows MSI installer that allowed a user to permanently disable Tenable Nessus if the installation was canceled in a custom (non-default) directory with overly-broad permissions. | All versions of Tenable Nessus on Windows |

-
Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.
-
If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.
- You can upgrade to the latest version of Tenable Nessus from any previously supported version.
- If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
- If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
- If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.