Tenable Nessus 2025 Release Notes

Important: You currently cannot install Tenable Nessus on macOS 15.6 due to a known issue. Tenable is working with Apple to resolve the issue.

Tip: You can subscribe to receive alerts for Tenable documentation updates.

Plugin Releases

For information about recent changes to Tenable Nessus plugins, see the Plugin Release Notes.

Tenable Nessus 10.9.3 (2025-08-14)

Bug Fix Defect ID
Fixed an exclusions processing issue in Tenable Vulnerability Management that could cause scan launch delays, failures, or incorrectly show scanners as offline. 02284811, 02283482, 02285413, 02289061, 02289164, 02287074, 02302819

  • Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • You can upgrade to the latest version of Tenable Nessus from any previously supported version.
  • If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
  • If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
  • If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.

Tenable Nessus 10.9.2 (2025-07-30)

Bug Fix Defect ID
Fixed an issue where offline Tenable Nessus Managers did not generate agent plugin databases for agents and cluster child nodes. 02282034
Fixed an issue where agent profiles were not applied after agents switched to different child nodes in a Tenable Nessus cluster. 02214200
Fixed a library-linking issue that prevented some non-privileged Tenable Nessus installations from starting properly from version 10.9.0 onward. 02283070

  • Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • You can upgrade to the latest version of Tenable Nessus from any previously supported version.
  • If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
  • If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
  • If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.

Tenable Nessus 10.9.1 (2025-07-09)

Bug Fix Defect ID
Fixed an issue so that standalone Tenable Nessus Managers no longer terminate agent scan windows prematurely. 02280871

  • Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • You can upgrade to the latest version of Tenable Nessus from any previously supported version.
  • If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
  • If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
  • If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.

Tenable Nessus 10.9.0 (2025-06-30)

The following are the new features included in Tenable Nessus 10.9.0:

  • Enabled triggered agent scans in Tenable Nessus Manager.

    Triggered agent scanning requires additional disk space. For more information, see Hardware Requirements.

  • Enabled web application scanning functionality for Tenable Nessus instances in air-gapped/offline environments.

  • Added support for declaring agent versions for Tenable Nessus Manager agent profiles in air-gapped/offline environments.

  • Added agent safe mode status reporting to Tenable Nessus Manager.

  • Enabled support for SSH session plugin reuse.

    This feature will require opt-in when plugins supporting SSH connection reuse are released.

The following enhancements are included in Tenable Nessus 10.9.0:

  • Introduced the nessuscli system --config-optimization command, which optimizes the size and structure of the global configuration database.

  • Updated the nessuscli update command to support the --agent-version parameter.

  • Changed the debug report format to .zip.

  • Optimized full plugin set compilations.

  • Removed unnecessary permissions of Tenable Nessus binaries for non-root and non-administrators.

  • Added a user interface element to indicate which web application scanning image tag is being used by Tenable Nessus.

  • Added the --fedcloud parameter to link Tenable Vulnerability Management-managed scanners to FedRAMP environments.

  • Added a user interface icon to indicate when credentials fail or succeed in credentialed scans.

  • The nessuscli health and status report now includes DNS and rDNS failure counts.

The following are security updates included in Tenable Nessus 10.9.0:

Bug Fix Defect ID Applies to
Corrected service logging on Windows to prevent pop-up messages from incorrectly stating that Tenable Nessus could not be stopped. 02073932 All versions of Tenable Nessus on Windows
Improved performance when filtering agents by cluster node. 02067421 Tenable Nessus Manager
Fixed an issue that caused some plugin severities to unexpectedly change to Info-level. 02155712, 02103788 All versions of Tenable Nessus
Fixed an issue that caused scanner instability when processing large XML strings. 02140860 All versions of Tenable Nessus
Fixed an issue that caused plugin detail locales to download incorrectly. 02106575, 02231844, 02232657 All versions of Tenable Nessus
Fixed an issue where the last checked available versions did not refresh in the user interface. 02078242 All versions of Tenable Nessus
Fixed an issue by no longer including the /backups directory by default. 01780874, 01797307 All versions of Tenable Nessus
Improved error handling for policy requests to the parent node during initialization. 01559616 Tenable Nessus Manager
Fixed an issue on managed scanners where the Audit Trail Verbosity scan setting appeared twice and could not be set. 02136378 All versions of Tenable Nessus
Fixed an issue where scan-generated targets were occasionally skipped. 02167709 All versions of Tenable Nessus
Fixed an issue that allowed multiple user accounts to be created on a single instance of Tenable Nessus Expert, Tenable Nessus Professional, and Tenable Nessus Essentials.   Tenable Nessus Expert, Tenable Nessus Professional, and Tenable Nessus Essentials

The following are supported platform updates made in Tenable Nessus 10.9.0:

  • Added support for Fedora 41 and 42.

  • Added support for Windows Server 2025.

  • Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • You can upgrade to the latest version of Tenable Nessus from any previously supported version.
  • If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
  • If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
  • If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.

Tenable Nessus 10.8.5 (2025-06-30)

The following are security updates included in Tenable Nessus 10.8.5:

  • Updated libxml2 to version 2.13.8.

    • Backported the fix for CVE-2025-6021 into libxml2 2.13.8.

  • Updated libxslt to version 1.1.43.

  • Fixed vulnerabilities in which an attacker could escalate privileges by abusing symlinks before installing Tenable Agent on Windows.

    For more information, see the Tenable Product Security Advisory.

  • Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • You can upgrade to the latest version of Tenable Nessus from any previously supported version.
  • If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
  • If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
  • If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.

Tenable Nessus 10.8.4 (2025-04-17)

The following are security updates included in Tenable Nessus 10.8.4:

  • Fixed a security issue in which the X-Forwarded-For header could be used to manipulate data on the Tenable Nessus scanner.

  • Addressed an issue where Tenable Nessus failed to set ACLs for the optional custom installation directory chosen during the Windows installation process.

  • Addressed an issue where Tenable Nessus could appropriately log ANSI escape characters.

  • Updated libxml2 to version 2.13.7.

  • Updated expat to version 2.7.0.

    For more information, see the Tenable Product Security Advisory.

Bug Fix Applies to
Addressed an issue in the Windows MSI installer that allowed a user to permanently disable Tenable Nessus if the installation was canceled in a custom (non-default) directory with overly-broad permissions. All versions of Tenable Nessus on Windows

  • Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later.

  • If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Agents, Tenable Web App Scanning scanners, or Tenable Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

  • You can upgrade to the latest version of Tenable Nessus from any previously supported version.
  • If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes.
  • If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases.
  • If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version.