Tenable Core 2025 Release Notes
These release notes summarize updates made to Tenable Core in 2025. Downloading and applying the most recent version of the offline ISO image initiates these updates on your Tenable Core machine.
Tip: Tenable recommends applying all offline updates, in order, to your offline Tenable Core machine. Do not skip offline updates.
To update using the Tenable Core offline ISO image, see the documentation for your application:
- Tenable Core + Tenable Nessus
- Tenable Core + Tenable Network Monitor
- Tenable Core + Tenable Security Center
- Tenable Core + Tenable Web App Scanning
- Tenable Core + Tenable OT Security
- Tenable Core + Tenable OT Security Sensor
- Tenable Core + Tenable OT Security Enterprise Manager
- Tenable Core + Tenable Sensor Proxy
For more information about product updates, see the release notes for your application.
These release notes are listed in reverse chronological order.
September 12, 2025
New Default Behavior of Account Lockout Settings on Tenable Core
Tenable is proud to announce a change we have made to the default behavior of account lockout settings on Tenable Core. These changes will be rolled out over the next few weeks. Tenable Core images built before September 2025 lock accounts 30 days after password expiration if the password does not get changed. This is a secure practice, so why is this a problem? Glad you asked!
This is a problem because:
-
Not every user logs in to their Tenable Core systems frequently enough to check their password expiration or locked out accounts.
-
Some instances, particularly with Tenable Core + OT Security, are deployed in air-gapped environments and are not always easily accessible by the customer.
The net result is that many users can have a very unpleasant surprise when they attempt to log in to their Tenable Core instances and then end up having to jump through inconvenient technical hoops in order to restore their access. To combat this issue we are doing the following:
-
Creating verbiage in our setup wizard relaying the following, "Tenable Core no longer defaults to locking expired accounts. If your internal policies allow it, Tenable strongly recommends enabling account lockouts. Please refer to the Tenable Core documentation if you wish to enable account lockouts.”
-
Adding this same messaging to our current documentation to reinforce both the current configuration change and Tenable’s stance on account lockout settings.
Note: No changes have been made to the customer’s ability to set password expiration and account lockout settings. We’ve only changed the default inactive password lockout to “never” for new systems.
For more information, refer to the Manage Account Lockout page in the Tenable Core documentation.
Q2 2025
New Features
-
Finalizing the installation of Tenable OT Security and Tenable OT Security Enterprise Manager upgrades is now blocked if there are upgrades that require a reboot to take effect. Rebooting the system (when it is safe to do so) is required to allow the upgrade to finalize.
-
Visiting the Nessus page in the Tenable Core user interface no longer logs an error in the system log about failing to find the version of Docker.
-
Various user interface and styling improvements to the Nessus page in the Tenable Core user interface.
Update References
Oracle 8 Security Updates:
ELSA-2025-3367 Important grub2 security update
ELSA-2025-3828 Moderate glibc security update
ELSA-2025-3893 Moderate kernel security update
ELSA-2025-3913 Moderate expat security update
ELSA-2025-4048 Moderate xmlrpc-c security update
ELSA-2025-4049 Moderate libtasn1 security update
ELSA-2025-4051 Moderate gnutls security update
ELSA-2025-4560 Important libsoup security update
ELSA-2025-4658 Moderate libtiff security update
ELSA-2025-7531 Important kernel security update
ELSA-2025-7540 Moderate libjpeg-turbo security update
ELSA-2025-7895 Important compat-openssl10 security update
ELSA-2025-8056 Important kernel security update
ELSA-2025-8132 Important libsoup security update
ELSA-2025-8246 Moderate kernel security update
ELSA-2025-8395 Low rsync security update
ELSA-2025-8411 Moderate krb5 security update
ELSA-2025-8676 Moderate libxslt security update
ELSA-2025-8686 Moderate glibc security update
ELSA-2025-8743 Moderate kernel security update
ELSA-2025-8958 Moderate libxml2 security update
ELSA-2025-9142 Moderate container-tools:ol8 security update
ELSA-2025-9580 Moderate kernel security update
ELSA-2025-9878 Important libblockdev security update
ELSA-2025-20343 Important systemd security update
Oracle 8 Updates:
ELBA-2025-4044 device-mapper-multipath bug fix update
ELBA-2025-4045 systemd bug fix update
ELBA-2025-4053 cloud-init bug fix and enhancement update
ELBA-2025-7521 java-21-openjdk bug fix update: G1 and NUMA migrations 2025-05-15 20:00:00
ELBA-2025-7900 openscap bug fix and enhancement update
ELBA-2025-8404 e2fsprogs bug fix update
ELBA-2025-8405 unzip bug fix update
ELBA-2025-8407 libsemanage bug fix update
ELBA-2025-8408 nfs-utils bug fix update
ELBA-2025-8409 grub2 bug fix update
ELBA-2025-8410 sssd bug fix update
ELBA-2025-8818 tar bug fix update
ELBA-2025-9552 sos bug fix and enhancement update
ELBA-2025-20303 openscap bug fix update
ELBA-2025-20309 pytz bug fix update
ELBA-2025-20321 linux-firmware bug fix update
ELBA-2025-20331 sssd bug fix update
ELBA-2025-20360 rsyslog bug fix update
ELBA-2025-20376 shim bug fix update
CVE References - Oracle 8
| Type | Reference |
|---|---|
| Oracle Linux 8 : grub2 (ELSA-2025-3367) |
CVE-2025-0624 |
| Oracle Linux 8 : glibc (ELSA-2025-3828) |
CVE-2025-0395 |
| Oracle Linux 8 : kernel (ELSA-2025-3893) |
CVE-2024-53150 |
| Oracle Linux 8 : expat (ELSA-2025-3913) |
CVE-2024-8176 |
| Oracle Linux 8 : xmlrpc-c (ELSA-2025-4048) |
CVE-2024-8176 |
|
Oracle Linux 8 : libtasn1 (ELSA-2025-4049) |
CVE-2024-12133 |
|
Oracle Linux 8 : gnutls (ELSA-2025-4051) |
CVE-2024-12243 |
| Oracle Linux 8 : libsoup (ELSA-2025-4560) |
CVE-2025-32050 |
| Oracle Linux 8 : libtiff (ELSA-2025-4658) |
CVE-2017-17095 |
|
Oracle Linux 8 : kernel (ELSA-2025-7531) |
CVE-2022-49011 |
|
Oracle Linux 8 : libjpeg-turbo (ELSA-2025-7540) |
CVE-2020-13790 |
| Oracle Linux 8 : compat-openssl10 (ELSA-2025-7895) |
CVE-2023-0286 |
| Oracle Linux 8 : kernel (ELSA-2025-8056) |
CVE-2024-40906 |
| Oracle Linux 8 : libsoup (ELSA-2025-8132) |
CVE-2025-2784 |
| Oracle Linux 8 : kernel (ELSA-2025-8246) |
CVE-2024-43842 |
| Oracle Linux 8 : rsync (ELSA-2025-8395) |
CVE-2016-9840 |
| Oracle Linux 8 : krb5 (ELSA-2025-8411) |
CVE-2025-3576 |
| Oracle Linux 8 : libxslt (ELSA-2025-8676) |
CVE-2023-40403 |
| Oracle Linux 8 : glibc (ELSA-2025-8686) |
CVE-2025-4802 |
| Oracle Linux 8 : kernel (ELSA-2025-8743) |
CVE-2022-49395 |
| Oracle Linux 8 : libxml2 (ELSA-2025-8958) |
CVE-2025-32414 |
| Oracle Linux 8 : container-tools:ol8 (ELSA-2025-9142) |
CVE-2025-22871 |
| Oracle Linux 8 : kernel (ELSA-2025-9580) |
CVE-2022-48919 |
| Oracle Linux 8 : libblockdev (ELSA-2025-9878) |
CVE-2025-6019 |
| Oracle Linux 8 : systemd (ELSA-2025-20343) |
CVE-2025-4598 |
Q1 2025
New Features
-
On Tenable OT Security systems, the tenable-ot-platform and tenable-ot-sensor-platform packages are now protected from removal, and attempts to erase them will fail with an error message.
-
The default Java version included with Nessus and Security Center is upgraded to version 21 from version 11. Unless you have added software that requires Java 11, it can be removed using sudo dnf autoremove.
-
Certificates page shows additional Organizational Unit information for Server and CA certificates.
Update References
Oracle 8 Security Updates:
ELSA-2025-1068 Moderate kernel security update
ELSA-2025-1266 Important kernel security update
ELSA-2025-1301 Moderate gcc security update
ELSA-2025-1517 Moderate libxml2 security update
ELSA-2025-1675 Important bind security update
ELSA-2025-1917 Important emacs security update
ELSA-2025-2473 Important kernel security update
ELSA-2025-2600 Moderate rsync security update
ELSA-2025-2686 Important libxml2 security update
ELSA-2025-2722 Moderate krb5 security update
ELSA-2025-3026 Important kernel security update
ELSA-2025-3210 Important container-tools:ol8 security update
ELSA-2025-3260 Important kernel security update
ELSA-2025-3388 Important python-jinja2 security update
ELSA-2025-3421 Important freetype security update
ELSA-2025-3615 Important libxslt security update
ELSA-2025-20113 Critical NetworkManager security update
Oracle 8 Updates:
ELBA-2025-1104 tzdata bug fix update
ELBA-2025-1240 sos bug fix and enhancement update
ELBA-2025-1573 glibc bug fix update
ELBA-2025-2352 kernel bug fix and enhancement update
ELBA-2025-2590 tuned bug fix update
ELBA-2025-2592 NetworkManager bug fix and enhancement update
ELBA-2025-2593 openldap bug fix update
ELBA-2025-2594 systemd bug fix update
ELBA-2025-2595 dnf bug fix update
ELBA-2025-2596 lvm2 bug fix update
ELBA-2025-2597 traceroute bug fix update
ELBA-2025-2598 firewalld bug fix update
ELBA-2025-2871 glibc bug fix update
ELBA-2025-3110 mesa bug fix update
ELEA-2025-3114 microcode_ctl bug fix and enhancement update
ELBA-2025-3392 gcc bug fix update
ELBA-2025-3394 tzdata bug fix and enhancement update
ELBA-2025-3507 kernel bug fix update
ELBA-2025-2602 gcc bug fix update
ELBA-2025-2617 libselinux bug fix update
ELBA-2025-2618 libsemanage bug fix and enhancement update
ELBA-2025-20097 cockpit bug fix update
ELBA-2025-20098 linux-firmware bug fix update
ELBA-2025-20103 sudo bug fix update
ELBA-2025-20144 mokutil bug fix update
ELBA-2025-20156 mdadm bug fix update
ELBA-2025-20159 pcp bug fix update
ELBA-2025-20181 iscsi-initiator-utils bug fix update
ELBA-2025-20191 sos bug fix update
ELBA-2025-20196 shim bug fix update
ELBA-2025-20207 glibc bug fix update
ELBA-2025-20209 kexec-tools bug fix update
ELBA-2025-20229 linux-firmware bug fix update
CVE References - Oracle 8
| Type | Reference |
|---|---|
| Oracle Linux 8 : kernel (ELSA-2025-1068) |
CVE-2024-26935 |
| Oracle Linux 8 : kernel (ELSA-2025-1266) |
CVE-2024-53104 |
| Oracle Linux 8 : gcc (ELSA-2025-1301) |
CVE-2020-11023 |
| Oracle Linux 8 : libxml2 (ELSA-2025-1517) |
CVE-2022-49043 |
| Oracle Linux 8 : bind (ELSA-2025-1675) |
CVE-2024-11187 |
| Oracle Linux 8 : emacs (ELSA-2025-1917) |
CVE-2025-1244 |
|
Oracle Linux 8 : kernel (ELSA-2025-2473) |
CVE-2024-50302 |
|
Oracle Linux 8 : rsync (ELSA-2025-2600) |
CVE-2024-12087 |
| Oracle Linux 8 : libxml2 (ELSA-2025-2686) |
CVE-2024-56171 |
| Oracle Linux 8 : krb5 (ELSA-2025-2722) |
CVE-2025-24528 |
|
Oracle Linux 8 : kernel (ELSA-2025-3026) |
CVE-2023-52922 |
|
Oracle Linux 8 : container-tools:ol8 (ELSA-2025-3210) |
CVE-2025-22869 |
| Oracle Linux 8 : kernel (ELSA-2025-3260) |
CVE-2025-21785 |
| Oracle Linux 8 : python-jinja2 (ELSA-2025-3388) |
CVE-2025-27516 |
| Oracle Linux 8 : freetype (ELSA-2025-3421) |
CVE-2025-27363 |
Q4 2024
New Features
-
It is now possible to restore Tenable OT Security backups taken on systems running Tenable Core based on CentOS 7 on systems running Tenable Core based on Oracle 8. For this to work, the backup version must match the version of OT security running on the new system. This is typically version 3.18.58.
-
Build ID information has been added to the Sensor Proxy page, in the Installation Info section.
Changed Functionality
-
SOS reports now include `rpm verify` information for all Tenable-owned packages which will aid in finding issues with broken packages without additional troubleshooting.
-
SOS reports now include ssl connection diagnostics using the configured proxy (unauthenticated, http proxy only) to aid in diagnosing issues with SSL inspection from proxies.
-
Offline ISOs (including Tenable OT Security and quarterly offline ISOs) now include `openldap-clients` which contains utilities such as `ldapsearch` to assist with configuring ldap. In airgapped environments, users can attach the new offline ISO and run `dnf install openldap-clients.`
Update References
Oracle 8 Security Updates:
ELSA-2024-8038 Important container-tools:ol8 security update
ELSA-2024-8121 Moderate java-11-openjdk security update
ELSA-2024-8833 Moderate libtiff security update
ELSA-2024-8846 Important container-tools:ol8 security update
ELSA-2024-8856 Moderate kernel security update
ELSA-2024-8859 Moderate xmlrpc-c security update
ELSA-2024-8860 Important krb5 security update
ELSA-2024-8922 Low bzip2 security update
ELSA-2024-9502 Moderate expat security update
ELSA-2024-9573 Important libsoup security update
ELSA-2024-9689 Low binutils security update
ELSA-2024-10281 Moderate kernel:4.18.0 security update
ELSA-2024-10289 Moderate container-tools:ol8 security update
ELSA-2024-10379 Important pam security update
ELSA-2024-10779 Moderate python3:3.6.8 security update
ELSA-2024-10943 Moderate kernel security update
ELSA-2024-10953 Important python36:3.6 security update
ELSA-2024-12797 Moderate linux-firmware security update
ELSA-2025-0065 Important kernel security update
ELSA-2025-0083 Low cups security update
ELSA-2025-0288 Moderate Bug fix of NetworkManager 2025-01-12 19:00:00
ELSA-2025-0325 Important rsync security update
ELSA-2025-0711 Important python-jinja2 security update
ELSA-2025-0733 Moderate bzip2 security update
ELSA-2025-0737 Moderate mariadb:10.11 security update
ELSA-2025-0739 Moderate mariadb:10.5 security update
ELSA-2025-0837 Important unbound security update
ELSA-2025-0838 Important libsoup security update
Oracle 8 Updates:
ELBA-2024-8805 tzdata bug fix and enhancement update
ELBA-2024-8841 rsyslog bug fix update
ELBA-2024-8853 cups bug fix update
ELBA-2024-8854 grub2 bug fix update
ELBA-2024-8855 chrony bug fix update
ELBA-2024-8861 openldap bug fix update
ELBA-2024-8866 glib2 bug fix update
ELBA-2024-11159 libselinux, libsemanage, and selinux-policy bug fix and enhancement update
ELBA-2024-12808 pcp bug fix update
ELBA-2024-12819 dracut bug fix update
ELBA-2024-12820 chrony bug fix update
ELBA-2024-12861 kexec-tools bug fix update
ELBA-2024-12896 cloud-init bug fix update
ELBA-2025-0572 kernel bug fix update
ELBA-2025-0728 glibc bug fix update
ELBA-2025-0730 nftables bug fix update
ELBA-2025-0731 curl bug fix update
ELBA-2025-0732 libdnf bug fix update
ELBA-2025-0744 jasper bug fix update
ELBA-2025-20016 kexec-tools bug fix update
ELBA-2025-20059 systemd bug fix update
ELBA-2025-20065 sos bug fix update
ELEA-2024-8159 microcode_ctl bug fix and enhancement update
ELEA-2024-8852 libproxy bug fix and enhancement update
ELEA-2024-8857 microcode_ctl bug fix and enhancement update
CVE References - Oracle 8
| Type | Reference |
|---|---|
| Oracle Linux 8 : python3:3.6.8 (ELSA-2024-10779) |
CVE-2024-11168 |
| Oracle Linux 8 : kernel (ELSA-2024-10943) |
CVE-2024-46695 |
| Oracle Linux 8 : python36:3.6 (ELSA-2024-10953) |
CVE-2024-53899 |
| Oracle Linux 7 / 8 / 9 : linux-firmware (ELSA-2024-12797) |
CVE-2023-20584 |
| Oracle Linux 8 : container-tools:ol8 (ELSA-2024-8038) |
CVE-2023-45290 |
| Oracle Linux 8 / 9 : java-11-openjdk (ELSA-2024-8121) |
CVE-2023-48161 |
|
Oracle Linux 8 : libtiff (ELSA-2024-8833) |
CVE-2024-7006 |
|
Oracle Linux 8 : container-tools:ol8 (ELSA-2024-8846) |
CVE-2024-9341 |
| Oracle Linux 8 : kernel (ELSA-2024-8856) |
CVE-2022-48773 |
| Oracle Linux 8 : xmlrpc-c (ELSA-2024-8859) |
CVE-2024-45491 |
|
Oracle Linux 8 : krb5 (ELSA-2024-8860) |
CVE-2024-3596 |
|
Oracle Linux 8 : bzip2 (ELSA-2024-8922) |
CVE-2019-12900 |
| Oracle Linux 8 : expat (ELSA-2024-9502) |
CVE-2024-50602 |
| Oracle Linux 8 : libsoup (ELSA-2024-9573) |
CVE-2024-52530 |
| Oracle Linux 8 : binutils (ELSA-2024-9689) |
CVE-2018-12699 |
| Oracle Linux 8 : kernel (ELSA-2025-0065) |
CVE-2024-53088 |
| Oracle Linux 8 : cups (ELSA-2025-0083) |
CVE-2024-47175 |
| Oracle Linux 8 : Bug (ELSA-2025-0288) |
CVE-2024-3661 |
| Oracle Linux 8 : rsync (ELSA-2025-0325) |
CVE-2024-12085 |
| Oracle Linux 8 : python-jinja2 (ELSA-2025-0711) |
CVE-2024-56326 |
| Oracle Linux 8 : bzip2 (ELSA-2025-0733) |
CVE-2019-12900 |
| Oracle Linux 8 : mariadb:10.11 (ELSA-2025-0737) |
CVE-2024-21096 |
| Oracle Linux 8 : mariadb:10.5 (ELSA-2025-0739) |
CVE-2023-22084 |
| Oracle Linux 8 : unbound (ELSA-2025-0837) |
CVE-2024-1488 |
| Oracle Linux 8 : libsoup (ELSA-2025-0838) |
CVE-2024-52531 |