Refine your search
46 vulnerabilities found for by Tanium
CVE-2026-2350 (GCVE-0-2026-2350)
Vulnerability from cvelistv5
Published
2026-02-19 23:10
Modified
2026-03-02 15:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Summary
Tanium addressed an insertion of sensitive information into log file vulnerability in Interact and TDS.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2350",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-02T15:41:02.790036Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T15:50:27.043Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_interact:3.2.195:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_interact:3.5.101:*:*:*:*:*:*:*"
],
"product": "Interact",
"vendor": "Tanium",
"versions": [
{
"lessThan": "3.2.196",
"status": "affected",
"version": "3.2.0",
"versionType": "custom"
},
{
"lessThan": "3.5.102",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:tanium:service_tds:4.1.256:*:*:*:*:*:*:*"
],
"product": "TDS",
"vendor": "Tanium",
"versions": [
{
"lessThan": "4.1.257",
"status": "affected",
"version": "4.1.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2026-02-11T16:04:36.295Z",
"datePublic": "2026-02-19T23:10:05.500Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an insertion of sensitive information into log file vulnerability in Interact and TDS."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T23:14:23.480Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2026-008",
"url": "https://security.tanium.com/TAN-2026-008"
}
],
"title": "Tanium addressed an insertion of sensitive information into log file vulnerability in Interact and TDS."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2026-2350",
"datePublished": "2026-02-19T23:10:33.951Z",
"dateReserved": "2026-02-11T16:04:36.872Z",
"dateUpdated": "2026-03-02T15:50:27.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1292 (GCVE-0-2026-1292)
Vulnerability from cvelistv5
Published
2026-02-19 23:10
Modified
2026-03-02 15:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Summary
Tanium addressed an insertion of sensitive information into log file vulnerability in Trends.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1292",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-02T15:50:37.988052Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T15:50:54.033Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_trends:3.10.19:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_trends:3.11.77:*:*:*:*:*:*:*"
],
"product": "Trends",
"vendor": "Tanium",
"versions": [
{
"lessThan": "3.10.20",
"status": "affected",
"version": "3.10.0",
"versionType": "custom"
},
{
"lessThan": "3.11.79",
"status": "affected",
"version": "3.11.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2026-01-21T16:30:45.079Z",
"datePublic": "2026-02-19T23:09:55.630Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an insertion of sensitive information into log file vulnerability in Trends."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T23:10:23.372Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2026-007",
"url": "https://security.tanium.com/TAN-2026-007"
}
],
"title": "Tanium addressed an insertion of sensitive information into log file vulnerability in Trends."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2026-1292",
"datePublished": "2026-02-19T23:10:23.372Z",
"dateReserved": "2026-01-21T16:30:45.783Z",
"dateUpdated": "2026-03-02T15:50:54.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2605 (GCVE-0-2026-2605)
Vulnerability from cvelistv5
Published
2026-02-19 23:10
Modified
2026-03-02 15:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Summary
Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2605",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-02T15:51:21.997907Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T15:51:41.710Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:tanos:1.8.4.0249:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.5.0282:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.6.0150:*:*:*:*:*:*:*"
],
"product": "TanOS",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.8.4.0249",
"status": "affected",
"version": "1.8.4",
"versionType": "custom"
},
{
"lessThan": "1.8.5.0282",
"status": "affected",
"version": "1.8.5",
"versionType": "custom"
},
{
"lessThan": "1.8.6.0150",
"status": "affected",
"version": "1.8.6",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2026-02-16T21:37:14.785Z",
"datePublic": "2026-02-19T23:09:49.159Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T23:13:38.465Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2026-006",
"url": "https://security.tanium.com/TAN-2026-006"
}
],
"title": "Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2026-2605",
"datePublished": "2026-02-19T23:10:02.867Z",
"dateReserved": "2026-02-16T21:37:15.555Z",
"dateUpdated": "2026-03-02T15:51:41.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2408 (GCVE-0-2026-2408)
Vulnerability from cvelistv5
Published
2026-02-19 23:09
Modified
2026-03-02 15:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
Tanium addressed a use-after-free vulnerability in the Cloud Workloads Enforce client extension.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Cloud Workloads |
Version: 1.0.222 < 1.0.222 cpe:2.3:a:tanium:service_cloudworkloads:1.0.221:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2408",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-02T15:54:55.216169Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T15:55:09.813Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_cloudworkloads:1.0.221:*:*:*:*:*:*:*"
],
"product": "Cloud Workloads",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.0.222",
"status": "affected",
"version": "1.0.222",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2026-02-12T13:49:48.721Z",
"datePublic": "2026-02-19T23:09:40.352Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed a use-after-free vulnerability in the Cloud Workloads Enforce client extension."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T23:09:51.620Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2026-005",
"url": "https://security.tanium.com/TAN-2026-005"
}
],
"title": "Use-after-free in Cloud Workloads"
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2026-2408",
"datePublished": "2026-02-19T23:09:51.620Z",
"dateReserved": "2026-02-12T13:49:49.307Z",
"dateUpdated": "2026-03-02T15:55:09.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2435 (GCVE-0-2026-2435)
Vulnerability from cvelistv5
Published
2026-02-19 23:09
Modified
2026-03-02 15:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
Tanium addressed a SQL injection vulnerability in Asset.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2435",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-02T15:55:19.435641Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T15:55:43.064Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_asset:1.32.178:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_asset:1.33.268:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_asset:1.36.107:*:*:*:*:*:*:*"
],
"product": "Asset",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.32.179",
"status": "affected",
"version": "1.32",
"versionType": "custom"
},
{
"lessThan": "1.33.269",
"status": "affected",
"version": "1.33",
"versionType": "custom"
},
{
"lessThan": "1.36.108",
"status": "affected",
"version": "1.36",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2026-02-12T22:26:04.213Z",
"datePublic": "2026-02-19T23:09:30.641Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed a SQL injection vulnerability in Asset."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T23:09:41.110Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2026-004",
"url": "https://security.tanium.com/TAN-2026-004"
}
],
"title": "ASSET-7706"
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2026-2435",
"datePublished": "2026-02-19T23:09:41.110Z",
"dateReserved": "2026-02-12T22:26:04.828Z",
"dateUpdated": "2026-03-02T15:55:43.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1344 (GCVE-0-2026-1344)
Vulnerability from cvelistv5
Published
2026-02-17 23:43
Modified
2026-02-18 13:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Summary
Tanium addressed an insecure file permissions vulnerability in Enforce Recovery Key Portal.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Enforce Recovery Key Portal |
Version: 1.0.0 < 1.62.5 cpe:2.3:a:tanium:service_enforce_recovery-key-portal:1.62.4:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1344",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-18T13:40:38.287908Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T13:41:49.780Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_enforce_recovery-key-portal:1.62.4:*:*:*:*:*:*:*"
],
"product": "Enforce Recovery Key Portal",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.62.5",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2026-01-22T16:16:38.364Z",
"datePublic": "2026-02-17T23:43:20.540Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an insecure file permissions vulnerability in Enforce Recovery Key Portal."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T23:43:30.432Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2026-003",
"url": "https://security.tanium.com/TAN-2026-003"
}
],
"title": "Insecure file permissions in Enforce Recovery Key Portal"
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2026-1344",
"datePublished": "2026-02-17T23:43:30.432Z",
"dateReserved": "2026-01-22T16:16:38.983Z",
"dateUpdated": "2026-02-18T13:41:49.780Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15314 (GCVE-0-2025-15314)
Vulnerability from cvelistv5
Published
2026-02-09 23:05
Modified
2026-02-10 20:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Summary
Tanium addressed an arbitrary file deletion vulnerability in end-user-cx.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | end-user-cx |
Version: 1.4.0 < 1.4.1175 Version: 1.6.0 < 1.6.926 Version: 1.8.0 < 1.8.21 cpe:2.3:a:tanium:endpoint_end-user-cx:1.4.1174:*:*:*:*:*:*:* cpe:2.3:a:tanium:endpoint_end-user-cx:1.6.925:*:*:*:*:*:*:* cpe:2.3:a:tanium:endpoint_end-user-cx:1.8.20:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15314",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T20:18:17.474330Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T20:18:24.846Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:endpoint_end-user-cx:1.4.1174:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:endpoint_end-user-cx:1.6.925:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:endpoint_end-user-cx:1.8.20:*:*:*:*:*:*:*"
],
"product": "end-user-cx",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.4.1175",
"status": "affected",
"version": "1.4.0",
"versionType": "custom"
},
{
"lessThan": "1.6.926",
"status": "affected",
"version": "1.6.0",
"versionType": "custom"
},
{
"lessThan": "1.8.21",
"status": "affected",
"version": "1.8.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:12:54.705Z",
"datePublic": "2025-02-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an arbitrary file deletion vulnerability in end-user-cx."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T23:06:46.478Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-010",
"url": "https://security.tanium.com/TAN-2025-010"
}
],
"title": "Tanium addressed an arbitrary file deletion vulnerability in end-user-cx."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15314",
"datePublished": "2026-02-09T23:05:16.503Z",
"dateReserved": "2025-12-29T23:12:54.874Z",
"dateUpdated": "2026-02-10T20:18:24.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15313 (GCVE-0-2025-15313)
Vulnerability from cvelistv5
Published
2026-02-09 23:05
Modified
2026-02-10 20:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Summary
Tanium addressed an arbitrary file deletion vulnerability in Tanium EUSS.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Tanium EUSS |
Version: 1.17.0 < 1.17.41 Version: 1.18.0 < 1.18.28 cpe:2.3:a:tanium:endpoint_euss:1.17.40:*:*:*:*:*:*:* cpe:2.3:a:tanium:endpoint_euss:1.18.27:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15313",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T20:17:52.390755Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T20:17:58.821Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:endpoint_euss:1.17.40:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:endpoint_euss:1.18.27:*:*:*:*:*:*:*"
],
"product": "Tanium EUSS",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.17.41",
"status": "affected",
"version": "1.17.0",
"versionType": "custom"
},
{
"lessThan": "1.18.28",
"status": "affected",
"version": "1.18.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:12:53.970Z",
"datePublic": "2025-02-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an arbitrary file deletion vulnerability in Tanium EUSS."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T23:09:09.849Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-010",
"url": "https://security.tanium.com/TAN-2025-010"
}
],
"title": "Tanium addressed an arbitrary file deletion vulnerability in Tanium EUSS."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15313",
"datePublished": "2026-02-09T23:05:16.158Z",
"dateReserved": "2025-12-29T23:12:54.257Z",
"dateUpdated": "2026-02-10T20:17:58.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15310 (GCVE-0-2025-15310)
Vulnerability from cvelistv5
Published
2026-02-09 23:00
Modified
2026-02-10 20:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Summary
Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Patch Endpoint Tools |
Version: 3.17.0 < 3.17.10195 Version: 10.1.0 < 10.1.33 Version: 10.2.0 < 10.2.22 cpe:2.3:a:tanium:endpoint_patch:3.17.10194:*:*:*:*:*:*:* cpe:2.3:a:tanium:endpoint_patch:10.1.32:*:*:*:*:*:*:* cpe:2.3:a:tanium:endpoint_patch:10.2.21:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15310",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T20:17:22.301449Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T20:17:29.236Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:endpoint_patch:3.17.10194:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:endpoint_patch:10.1.32:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:endpoint_patch:10.2.21:*:*:*:*:*:*:*"
],
"product": "Patch Endpoint Tools",
"vendor": "Tanium",
"versions": [
{
"lessThan": "3.17.10195",
"status": "affected",
"version": "3.17.0",
"versionType": "custom"
},
{
"lessThan": "10.1.33",
"status": "affected",
"version": "10.1.0",
"versionType": "custom"
},
{
"lessThan": "10.2.22",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Filip Magic"
}
],
"dateAssigned": "2025-12-29T23:12:52.295Z",
"datePublic": "2025-01-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T23:11:05.748Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-001",
"url": "https://security.tanium.com/TAN-2025-001"
}
],
"title": "Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15310",
"datePublished": "2026-02-09T23:00:51.789Z",
"dateReserved": "2025-12-29T23:12:52.477Z",
"dateUpdated": "2026-02-10T20:17:29.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15318 (GCVE-0-2025-15318)
Vulnerability from cvelistv5
Published
2026-02-09 22:56
Modified
2026-02-10 21:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Summary
Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | End-User Notifications Endpoint Tools |
Version: 1.18.0 < 1.18.10079 Version: 10.0.0 < 10.0.14 Version: 10.1.0 < 10.1.20 cpe:2.3:a:tanium:endpoint_end-user-notifications:1.18.10078:*:*:*:*:*:*:* cpe:2.3:a:tanium:endpoint_end-user-notifications:10.0.13:*:*:*:*:*:*:* cpe:2.3:a:tanium:endpoint_end-user-notifications:10.1.19:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15318",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T21:21:53.649467Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T21:22:00.345Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:endpoint_end-user-notifications:1.18.10078:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:endpoint_end-user-notifications:10.0.13:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:endpoint_end-user-notifications:10.1.19:*:*:*:*:*:*:*"
],
"product": "End-User Notifications Endpoint Tools",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.18.10079",
"status": "affected",
"version": "1.18.0",
"versionType": "custom"
},
{
"lessThan": "10.0.14",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
},
{
"lessThan": "10.1.20",
"status": "affected",
"version": "10.1.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:12:57.784Z",
"datePublic": "2025-05-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T23:11:46.729Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-017",
"url": "https://security.tanium.com/TAN-2025-017"
}
],
"title": "Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15318",
"datePublished": "2026-02-09T22:56:27.343Z",
"dateReserved": "2025-12-29T23:12:57.929Z",
"dateUpdated": "2026-02-10T21:22:00.345Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15319 (GCVE-0-2025-15319)
Vulnerability from cvelistv5
Published
2026-02-09 22:52
Modified
2026-02-10 21:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Summary
Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Patch Endpoint Tools |
Version: 3.17.0 < 3.17.10207 Version: 10.1.0 < 10.1.50 Version: 10.7.0 < 10.7.25 Version: 10.9.0 < 10.9.31 Version: 10.11.0 < 10.11.27 cpe:2.3:a:tanium:endpoint_patch:3.17.10206:*:*:*:*:*:*:* cpe:2.3:a:tanium:endpoint_patch:10.1.49:*:*:*:*:*:*:* cpe:2.3:a:tanium:endpoint_patch:10.7.24:*:*:*:*:*:*:* cpe:2.3:a:tanium:endpoint_patch:10.9.30:*:*:*:*:*:*:* cpe:2.3:a:tanium:endpoint_patch:10.10.26:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15319",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T21:21:32.326259Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T21:21:40.851Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:endpoint_patch:3.17.10206:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:endpoint_patch:10.1.49:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:endpoint_patch:10.7.24:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:endpoint_patch:10.9.30:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:endpoint_patch:10.10.26:*:*:*:*:*:*:*"
],
"product": "Patch Endpoint Tools",
"vendor": "Tanium",
"versions": [
{
"lessThan": "3.17.10207",
"status": "affected",
"version": "3.17.0",
"versionType": "custom"
},
{
"lessThan": "10.1.50",
"status": "affected",
"version": "10.1.0",
"versionType": "custom"
},
{
"lessThan": "10.7.25",
"status": "affected",
"version": "10.7.0",
"versionType": "custom"
},
{
"lessThan": "10.9.31",
"status": "affected",
"version": "10.9.0",
"versionType": "custom"
},
{
"lessThan": "10.11.27",
"status": "affected",
"version": "10.11.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Owen Jeanes"
}
],
"dateAssigned": "2025-12-29T23:12:58.700Z",
"datePublic": "2025-08-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T23:09:49.225Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-021",
"url": "https://security.tanium.com/TAN-2025-021"
}
],
"title": "Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15319",
"datePublished": "2026-02-09T22:52:32.693Z",
"dateReserved": "2025-12-29T23:12:58.866Z",
"dateUpdated": "2026-02-10T21:21:40.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15315 (GCVE-0-2025-15315)
Vulnerability from cvelistv5
Published
2026-02-09 21:48
Modified
2026-02-10 16:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Summary
Tanium addressed a local privilege escalation vulnerability in Tanium Module Server.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Tanium Module Server |
Version: 7.5.6.0 < 7.5.6.1161 Version: 7.4.6.0 < 7.4.6.1151 Version: 7.6.2.0 < 7.6.2.1293 Version: 7.6.4.0 < 7.6.4.2114 cpe:2.3:a:tanium:moduleserver:7.5.6.1160:*:*:*:*:*:*:* cpe:2.3:a:tanium:moduleserver:7.4.6.1150:*:*:*:*:*:*:* cpe:2.3:a:tanium:moduleserver:7.6.2.1292:*:*:*:*:*:*:* cpe:2.3:a:tanium:moduleserver:7.6.4.2113:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15315",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T16:58:41.692979Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T16:59:35.140Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:moduleserver:7.5.6.1160:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:moduleserver:7.4.6.1150:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:moduleserver:7.6.2.1292:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:moduleserver:7.6.4.2113:*:*:*:*:*:*:*"
],
"product": "Tanium Module Server",
"vendor": "Tanium",
"versions": [
{
"lessThan": "7.5.6.1161",
"status": "affected",
"version": "7.5.6.0",
"versionType": "custom"
},
{
"lessThan": "7.4.6.1151",
"status": "affected",
"version": "7.4.6.0",
"versionType": "custom"
},
{
"lessThan": "7.6.2.1293",
"status": "affected",
"version": "7.6.2.0",
"versionType": "custom"
},
{
"lessThan": "7.6.4.2114",
"status": "affected",
"version": "7.6.4.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:12:55.398Z",
"datePublic": "2025-02-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed a local privilege escalation vulnerability in Tanium Module Server."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T21:48:49.693Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-011",
"url": "https://security.tanium.com/TAN-2025-011"
}
],
"title": "Tanium addressed a local privilege escalation vulnerability in Tanium Module Server."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15315",
"datePublished": "2026-02-09T21:48:49.693Z",
"dateReserved": "2025-12-29T23:12:55.559Z",
"dateUpdated": "2026-02-10T16:59:35.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15316 (GCVE-0-2025-15316)
Vulnerability from cvelistv5
Published
2026-02-09 21:48
Modified
2026-02-10 15:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Summary
Tanium addressed a local privilege escalation vulnerability in Tanium Server.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Tanium Server |
Version: 7.4.6.0 < 7.4.6.1151 Version: 7.5.6.0 < 7.5.6.1161 Version: 7.6.2.0 < 7.6.2.1293 Version: 7.6.4.0 < 7.6.4.2114 cpe:2.3:a:tanium:server:7.4.6.1150:*:*:*:*:*:*:* cpe:2.3:a:tanium:server:7.5.6.1160:*:*:*:*:*:*:* cpe:2.3:a:tanium:server:7.6.2.1292:*:*:*:*:*:*:* cpe:2.3:a:tanium:server:7.6.4.2113:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15316",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T15:58:59.416693Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T15:59:23.904Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:server:7.4.6.1150:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:server:7.5.6.1160:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:server:7.6.2.1292:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:server:7.6.4.2113:*:*:*:*:*:*:*"
],
"product": "Tanium Server",
"vendor": "Tanium",
"versions": [
{
"lessThan": "7.4.6.1151",
"status": "affected",
"version": "7.4.6.0",
"versionType": "custom"
},
{
"lessThan": "7.5.6.1161",
"status": "affected",
"version": "7.5.6.0",
"versionType": "custom"
},
{
"lessThan": "7.6.2.1293",
"status": "affected",
"version": "7.6.2.0",
"versionType": "custom"
},
{
"lessThan": "7.6.4.2114",
"status": "affected",
"version": "7.6.4.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:12:56.161Z",
"datePublic": "2025-02-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed a local privilege escalation vulnerability in Tanium Server."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T21:48:49.471Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-011",
"url": "https://security.tanium.com/TAN-2025-011"
}
],
"title": "Tanium addressed a local privilege escalation vulnerability in Tanium Server."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15316",
"datePublished": "2026-02-09T21:48:49.471Z",
"dateReserved": "2025-12-29T23:12:56.327Z",
"dateUpdated": "2026-02-10T15:59:23.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15317 (GCVE-0-2025-15317)
Vulnerability from cvelistv5
Published
2026-02-09 21:43
Modified
2026-02-10 16:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Summary
Tanium addressed an uncontrolled resource consumption vulnerability in Tanium Server.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Tanium Server |
Version: 7.4.6.0 < 7.4.6.1154 Version: 7.5.6.0 < 7.5.6.1164 Version: 7.6.2.0 < 7.6.2.1303 Version: 7.6.4.0 < 7.6.4.2124 cpe:2.3:a:tanium:server:7.4.6.1153:*:*:*:*:*:*:* cpe:2.3:a:tanium:server:7.5.6.1163:*:*:*:*:*:*:* cpe:2.3:a:tanium:server:7.6.2.1302:*:*:*:*:*:*:* cpe:2.3:a:tanium:server:7.6.4.2123:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15317",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T16:00:52.783721Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T16:01:34.788Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:server:7.4.6.1153:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:server:7.5.6.1163:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:server:7.6.2.1302:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:server:7.6.4.2123:*:*:*:*:*:*:*"
],
"product": "Tanium Server",
"vendor": "Tanium",
"versions": [
{
"lessThan": "7.4.6.1154",
"status": "affected",
"version": "7.4.6.0",
"versionType": "custom"
},
{
"lessThan": "7.5.6.1164",
"status": "affected",
"version": "7.5.6.0",
"versionType": "custom"
},
{
"lessThan": "7.6.2.1303",
"status": "affected",
"version": "7.6.2.0",
"versionType": "custom"
},
{
"lessThan": "7.6.4.2124",
"status": "affected",
"version": "7.6.4.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:12:56.967Z",
"datePublic": "2025-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an uncontrolled resource consumption vulnerability in Tanium Server."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T21:43:41.258Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-013",
"url": "https://security.tanium.com/TAN-2025-013"
}
],
"title": "Tanium addressed an uncontrolled resource consumption vulnerability in Tanium Server."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15317",
"datePublished": "2026-02-09T21:43:41.258Z",
"dateReserved": "2025-12-29T23:12:57.132Z",
"dateUpdated": "2026-02-10T16:01:34.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15320 (GCVE-0-2025-15320)
Vulnerability from cvelistv5
Published
2026-02-06 19:18
Modified
2026-02-06 19:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-605 - Multiple Binds to the Same Port
Summary
Tanium addressed a denial of service vulnerability in Tanium Client.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Tanium Client |
Version: 7.6.2.0 < 7.6.2.1327 Version: 7.6.4.0 < 7.6.4.2160 Version: 7.7.3.0 < 7.7.3.8231 Version: 7.4.10.0 < 7.4.10.1118 cpe:2.3:a:tanium:client:7.4.10.1116:*:*:*:*:*:*:* cpe:2.3:a:tanium:client:7.6.2.1326:*:*:*:*:*:*:* cpe:2.3:a:tanium:client:7.6.4.2159:*:*:*:*:*:*:* cpe:2.3:a:tanium:client:7.7.3.8230:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15320",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:40:12.881671Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:40:46.455Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:client:7.4.10.1116:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:client:7.6.2.1326:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:client:7.6.4.2159:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:client:7.7.3.8230:*:*:*:*:*:*:*"
],
"product": "Tanium Client",
"vendor": "Tanium",
"versions": [
{
"lessThan": "7.6.2.1327",
"status": "affected",
"version": "7.6.2.0",
"versionType": "custom"
},
{
"lessThan": "7.6.4.2160",
"status": "affected",
"version": "7.6.4.0",
"versionType": "custom"
},
{
"lessThan": "7.7.3.8231",
"status": "affected",
"version": "7.7.3.0",
"versionType": "custom"
},
{
"lessThan": "7.4.10.1118",
"status": "affected",
"version": "7.4.10.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Filip Waeytens"
},
{
"lang": "en",
"type": "reporter",
"value": "Frank Lycops"
},
{
"lang": "en",
"type": "reporter",
"value": "Jean-Michel Huguet"
},
{
"lang": "en",
"type": "reporter",
"value": "Jorge Escabias"
},
{
"lang": "en",
"type": "reporter",
"value": "Justin Hocquel from NCIA/NCSC"
}
],
"dateAssigned": "2025-12-29T23:12:59.718Z",
"datePublic": "2025-08-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed a denial of service vulnerability in Tanium Client."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-605",
"description": "Multiple Binds to the Same Port",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:18:13.493Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-023",
"url": "https://security.tanium.com/TAN-2025-023"
}
],
"title": "Tanium addressed a denial of service vulnerability in Tanium Client."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15320",
"datePublished": "2026-02-06T19:18:13.493Z",
"dateReserved": "2025-12-29T23:12:59.888Z",
"dateUpdated": "2026-02-06T19:40:46.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15311 (GCVE-0-2025-15311)
Vulnerability from cvelistv5
Published
2026-02-05 18:26
Modified
2026-02-06 19:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences
Summary
Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Tanium Appliance |
Version: 1.8.3.0 < 1.8.3.0146 Version: 1.8.4.0 < 1.8.4.0149 Version: 1.8.5.0 < 1.8.5.0212 cpe:2.3:a:tanium:tanos:1.8.3.0145:*:*:*:*:*:*:* cpe:2.3:a:tanium:tanos:1.8.4.0148:*:*:*:*:*:*:* cpe:2.3:a:tanium:tanos:1.8.5.0211:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15311",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:01:19.848854Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:01:30.739Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:tanos:1.8.3.0145:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.4.0148:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.5.0211:*:*:*:*:*:*:*"
],
"product": "Tanium Appliance",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.8.3.0146",
"status": "affected",
"version": "1.8.3.0",
"versionType": "custom"
},
{
"lessThan": "1.8.4.0149",
"status": "affected",
"version": "1.8.4.0",
"versionType": "custom"
},
{
"lessThan": "1.8.5.0212",
"status": "affected",
"version": "1.8.5.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:12:52.865Z",
"datePublic": "2025-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-150",
"description": "Improper Neutralization of Escape, Meta, or Control Sequences",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:26:23.251Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-002",
"url": "https://security.tanium.com/TAN-2025-002"
}
],
"title": "Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15311",
"datePublished": "2026-02-05T18:26:23.251Z",
"dateReserved": "2025-12-29T23:12:53.054Z",
"dateUpdated": "2026-02-06T19:01:30.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15312 (GCVE-0-2025-15312)
Vulnerability from cvelistv5
Published
2026-02-05 18:26
Modified
2026-02-06 19:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-116 - Improper Encoding or Escaping of Output
Summary
Tanium addressed an improper output sanitization vulnerability in Tanium Appliance.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Tanium Appliance |
Version: 1.8.3.0 < 1.8.3.0146 Version: 1.8.4.0 < 1.8.4.0157 cpe:2.3:a:tanium:tanos:1.8.3.0145:*:*:*:*:*:*:* cpe:2.3:a:tanium:tanos:1.8.4.0156:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15312",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:02:02.740803Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:02:11.979Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:tanos:1.8.3.0145:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.4.0156:*:*:*:*:*:*:*"
],
"product": "Tanium Appliance",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.8.3.0146",
"status": "affected",
"version": "1.8.3.0",
"versionType": "custom"
},
{
"lessThan": "1.8.4.0157",
"status": "affected",
"version": "1.8.4.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:12:53.375Z",
"datePublic": "2025-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an improper output sanitization vulnerability in Tanium Appliance."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:26:06.378Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-003",
"url": "https://security.tanium.com/TAN-2025-003"
}
],
"title": "Tanium addressed an improper output sanitization vulnerability in TanOS."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15312",
"datePublished": "2026-02-05T18:26:06.378Z",
"dateReserved": "2025-12-29T23:12:53.559Z",
"dateUpdated": "2026-02-06T19:02:11.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15324 (GCVE-0-2025-15324)
Vulnerability from cvelistv5
Published
2026-02-05 18:25
Modified
2026-02-06 19:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Summary
Tanium addressed a documentation issue in Engage.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15324",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:03:35.009129Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:03:42.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_engage:1.3.36:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_engage:1.6.192:*:*:*:*:*:*:*"
],
"product": "Engage",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.3.37",
"status": "affected",
"version": "1.3.0",
"versionType": "custom"
},
{
"lessThan": "1.6.193",
"status": "affected",
"version": "1.6.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:13:03.546Z",
"datePublic": "2025-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed a documentation issue in Engage."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:25:52.474Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-004",
"url": "https://security.tanium.com/TAN-2025-004"
}
],
"title": "Tanium addressed a local privilege escalation vulnerability in Engage."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15324",
"datePublished": "2026-02-05T18:25:52.474Z",
"dateReserved": "2025-12-29T23:13:03.776Z",
"dateUpdated": "2026-02-06T19:03:42.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15325 (GCVE-0-2025-15325)
Vulnerability from cvelistv5
Published
2026-02-05 18:25
Modified
2026-02-06 19:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
Tanium addressed an improper input validation vulnerability in Discover.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15325",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:04:36.861254Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:04:45.319Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_discover:4.10.89:*:*:*:*:*:*:*"
],
"product": "Discover",
"vendor": "Tanium",
"versions": [
{
"lessThan": "4.10.90",
"status": "affected",
"version": "4.10.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:13:04.660Z",
"datePublic": "2025-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an improper input validation vulnerability in Discover."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:25:29.908Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-005",
"url": "https://security.tanium.com/TAN-2025-005"
}
],
"title": "Tanium addressed an improper input validation vulnerability in Discover."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15325",
"datePublished": "2026-02-05T18:25:29.908Z",
"dateReserved": "2025-12-29T23:13:04.840Z",
"dateUpdated": "2026-02-06T19:04:45.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15326 (GCVE-0-2025-15326)
Vulnerability from cvelistv5
Published
2026-02-05 18:25
Modified
2026-02-06 19:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
Tanium addressed an improper access controls vulnerability in Patch.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15326",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:07:15.349117Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:07:24.033Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_patch:3.17.2261:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_patch:3.19.194:*:*:*:*:*:*:*"
],
"product": "Patch",
"vendor": "Tanium",
"versions": [
{
"lessThan": "3.17.2262",
"status": "affected",
"version": "3.17.0",
"versionType": "custom"
},
{
"lessThan": "3.19.195",
"status": "affected",
"version": "3.19.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:13:29.639Z",
"datePublic": "2025-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an improper access controls vulnerability in Patch."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:25:11.487Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-006",
"url": "https://security.tanium.com/TAN-2025-006"
}
],
"title": "Tanium addressed an improper access controls vulnerability in Patch."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15326",
"datePublished": "2026-02-05T18:25:11.487Z",
"dateReserved": "2025-12-29T23:13:29.803Z",
"dateUpdated": "2026-02-06T19:07:24.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15327 (GCVE-0-2025-15327)
Vulnerability from cvelistv5
Published
2026-02-05 18:25
Modified
2026-02-06 19:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
Tanium addressed an improper access controls vulnerability in Deploy.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15327",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:10:10.675713Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:10:18.914Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_deploy:2.26.1252:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_deploy:2.30.149:*:*:*:*:*:*:*"
],
"product": "Deploy",
"vendor": "Tanium",
"versions": [
{
"lessThan": "2.26.1253",
"status": "affected",
"version": "2.26.0",
"versionType": "custom"
},
{
"lessThan": "2.30.150",
"status": "affected",
"version": "2.30.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:13:29.851Z",
"datePublic": "2025-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an improper access controls vulnerability in Deploy."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:25:11.258Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-006",
"url": "https://security.tanium.com/TAN-2025-006"
}
],
"title": "Tanium addressed an improper access controls vulnerability in Deploy."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15327",
"datePublished": "2026-02-05T18:25:11.258Z",
"dateReserved": "2025-12-29T23:13:30.151Z",
"dateUpdated": "2026-02-06T19:10:18.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15328 (GCVE-0-2025-15328)
Vulnerability from cvelistv5
Published
2026-02-05 18:24
Modified
2026-02-06 19:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Summary
Tanium addressed an improper link resolution before file access vulnerability in Enforce.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15328",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:12:46.298503Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:12:54.357Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_enforce:2.7.313:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_enforce:2.8.543:*:*:*:*:*:*:*"
],
"product": "Enforce",
"vendor": "Tanium",
"versions": [
{
"lessThan": "2.7.314",
"status": "affected",
"version": "2.7.0",
"versionType": "custom"
},
{
"lessThan": "2.8.544",
"status": "affected",
"version": "2.8.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:13:30.169Z",
"datePublic": "2025-02-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an improper link resolution before file access vulnerability in Enforce."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:24:42.534Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-007",
"url": "https://security.tanium.com/TAN-2025-007"
}
],
"title": "Tanium addressed an improper link resolution before file access vulnerability in Enforce."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15328",
"datePublished": "2026-02-05T18:24:42.534Z",
"dateReserved": "2025-12-29T23:13:30.399Z",
"dateUpdated": "2026-02-06T19:12:54.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15330 (GCVE-0-2025-15330)
Vulnerability from cvelistv5
Published
2026-02-05 18:24
Modified
2026-02-06 19:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
Tanium addressed an improper input validation vulnerability in Deploy.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15330",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:13:20.790327Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:13:31.613Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_deploy:2.26.1278:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_deploy:2.30.174:*:*:*:*:*:*:*"
],
"product": "Deploy",
"vendor": "Tanium",
"versions": [
{
"lessThan": "2.26.1279",
"status": "affected",
"version": "2.26.0",
"versionType": "custom"
},
{
"lessThan": "2.30.175",
"status": "affected",
"version": "2.30.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:13:30.875Z",
"datePublic": "2025-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an improper input validation vulnerability in Deploy."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:24:27.066Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-012",
"url": "https://security.tanium.com/TAN-2025-012"
}
],
"title": "Tanium addressed an improper input validation vulnerability in Deploy."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15330",
"datePublished": "2026-02-05T18:24:27.066Z",
"dateReserved": "2025-12-29T23:13:31.023Z",
"dateUpdated": "2026-02-06T19:13:31.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15331 (GCVE-0-2025-15331)
Vulnerability from cvelistv5
Published
2026-02-05 18:23
Modified
2026-02-06 19:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-459 - Incomplete Cleanup
Summary
Tanium addressed an uncontrolled resource consumption vulnerability in Connect.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15331",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:14:45.363886Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:14:52.895Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_connect:5.22.99:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_connect:5.26.86:*:*:*:*:*:*:*"
],
"product": "Connect",
"vendor": "Tanium",
"versions": [
{
"lessThan": "5.22.100",
"status": "affected",
"version": "5.22.0",
"versionType": "custom"
},
{
"lessThan": "5.26.87",
"status": "affected",
"version": "5.26.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:13:31.267Z",
"datePublic": "2025-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an uncontrolled resource consumption vulnerability in Connect."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-459",
"description": "Incomplete Cleanup",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:23:51.939Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-015",
"url": "https://security.tanium.com/TAN-2025-015"
}
],
"title": "Tanium addressed an uncontrolled resource consumption vulnerability in Connect."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15331",
"datePublished": "2026-02-05T18:23:51.939Z",
"dateReserved": "2025-12-29T23:13:31.408Z",
"dateUpdated": "2026-02-06T19:14:52.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15329 (GCVE-0-2025-15329)
Vulnerability from cvelistv5
Published
2026-02-05 18:23
Modified
2026-02-06 19:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-201 - Insertion of Sensitive Information Into Sent Data
Summary
Tanium addressed an information disclosure vulnerability in Threat Response.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Threat Response |
Version: 4.5.0 < 4.5.250 Version: 4.6.0 < 4.6.518 Version: 4.9.0 < 4.9.297 cpe:2.3:a:tanium:service_threatresponse:4.5.249:*:*:*:*:*:*:* cpe:2.3:a:tanium:service_threatresponse:4.6.517:*:*:*:*:*:*:* cpe:2.3:a:tanium:service_threatresponse:4.9.296:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15329",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:15:31.703269Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:15:39.292Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_threatresponse:4.5.249:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_threatresponse:4.6.517:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_threatresponse:4.9.296:*:*:*:*:*:*:*"
],
"product": "Threat Response",
"vendor": "Tanium",
"versions": [
{
"lessThan": "4.5.250",
"status": "affected",
"version": "4.5.0",
"versionType": "custom"
},
{
"lessThan": "4.6.518",
"status": "affected",
"version": "4.6.0",
"versionType": "custom"
},
{
"lessThan": "4.9.297",
"status": "affected",
"version": "4.9.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:13:30.479Z",
"datePublic": "2025-07-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an information disclosure vulnerability in Threat Response."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:23:27.646Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-019",
"url": "https://security.tanium.com/TAN-2025-019"
}
],
"title": "Tanium addressed an information disclosure vulnerability in Threat Response."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15329",
"datePublished": "2026-02-05T18:23:27.646Z",
"dateReserved": "2025-12-29T23:13:30.646Z",
"dateUpdated": "2026-02-06T19:15:39.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15332 (GCVE-0-2025-15332)
Vulnerability from cvelistv5
Published
2026-02-05 18:22
Modified
2026-02-06 17:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Summary
Tanium addressed an information disclosure vulnerability in Threat Response.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Threat Response |
Version: 4.5.0 < 4.5.250 Version: 4.6.0 < 4.6.518 Version: 4.9.0 < 4.9.297 cpe:2.3:a:tanium:service_threatresponse:4.5.249:*:*:*:*:*:*:* cpe:2.3:a:tanium:service_threatresponse:4.6.517:*:*:*:*:*:*:* cpe:2.3:a:tanium:service_threatresponse:4.9.296:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15332",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T17:37:00.739296Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T17:37:09.090Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_threatresponse:4.5.249:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_threatresponse:4.6.517:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_threatresponse:4.9.296:*:*:*:*:*:*:*"
],
"product": "Threat Response",
"vendor": "Tanium",
"versions": [
{
"lessThan": "4.5.250",
"status": "affected",
"version": "4.5.0",
"versionType": "custom"
},
{
"lessThan": "4.6.518",
"status": "affected",
"version": "4.6.0",
"versionType": "custom"
},
{
"lessThan": "4.9.297",
"status": "affected",
"version": "4.9.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:13:31.819Z",
"datePublic": "2025-07-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an information disclosure vulnerability in Threat Response."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:22:45.788Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-020",
"url": "https://security.tanium.com/TAN-2025-020"
}
],
"title": "Tanium addressed an information disclosure vulnerability in Threat Response."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15332",
"datePublished": "2026-02-05T18:22:45.788Z",
"dateReserved": "2025-12-29T23:13:31.979Z",
"dateUpdated": "2026-02-06T17:37:09.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15321 (GCVE-0-2025-15321)
Vulnerability from cvelistv5
Published
2026-02-05 18:20
Modified
2026-02-06 17:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-426 - Untrusted Search Path
Summary
Tanium addressed an improper input validation vulnerability in Tanium Appliance.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Tanium Appliance |
Version: 1.8.3.0 < 1.8.3.0196 Version: 1.8.5.0 < 1.8.5.0199 Version: 1.8.5.0 < 1.8.5.0227 cpe:2.3:a:tanium:tanos:1.8.3.0195:*:*:*:*:*:*:* cpe:2.3:a:tanium:tanos:1.8.5.0198:*:*:*:*:*:*:* cpe:2.3:a:tanium:tanos:1.8.5.0226:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15321",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T17:37:17.139008Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T17:37:27.718Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:tanos:1.8.3.0195:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.5.0198:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.5.0226:*:*:*:*:*:*:*"
],
"product": "Tanium Appliance",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.8.3.0196",
"status": "affected",
"version": "1.8.3.0",
"versionType": "custom"
},
{
"lessThan": "1.8.5.0199",
"status": "affected",
"version": "1.8.5.0",
"versionType": "custom"
},
{
"lessThan": "1.8.5.0227",
"status": "affected",
"version": "1.8.5.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Filip Waeytens"
},
{
"lang": "en",
"type": "reporter",
"value": "Frank Lycops"
},
{
"lang": "en",
"type": "reporter",
"value": "Jean-Michel Huguet"
},
{
"lang": "en",
"type": "reporter",
"value": "Jorge Escabias"
},
{
"lang": "en",
"type": "reporter",
"value": "Justin Hocquel from NCIA/NCSC"
}
],
"dateAssigned": "2025-12-29T23:13:00.595Z",
"datePublic": "2025-08-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an improper input validation vulnerability in Tanium Appliance."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:20:39.404Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-024",
"url": "https://security.tanium.com/TAN-2025-024"
}
],
"title": "Tanium addressed an improper input validation vulnerability in Tanium Appliance."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15321",
"datePublished": "2026-02-05T18:20:39.404Z",
"dateReserved": "2025-12-29T23:13:00.749Z",
"dateUpdated": "2026-02-06T17:37:27.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15333 (GCVE-0-2025-15333)
Vulnerability from cvelistv5
Published
2026-02-05 18:20
Modified
2026-02-06 17:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-276 - Incorrect Default Permissions
Summary
Tanium addressed an information disclosure vulnerability in Threat Response.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Threat Response |
Version: 4.5.0 < 4.5.266 Version: 4.6.0 < 4.6.536 Version: 4.9.0 < 4.9.324 cpe:2.3:a:tanium:service_threatresponse:4.5.265:*:*:*:*:*:*:* cpe:2.3:a:tanium:service_threatresponse:4.6.535:*:*:*:*:*:*:* cpe:2.3:a:tanium:service_threatresponse:4.9.323:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15333",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T17:37:34.407949Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T17:37:41.457Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_threatresponse:4.5.265:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_threatresponse:4.6.535:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_threatresponse:4.9.323:*:*:*:*:*:*:*"
],
"product": "Threat Response",
"vendor": "Tanium",
"versions": [
{
"lessThan": "4.5.266",
"status": "affected",
"version": "4.5.0",
"versionType": "custom"
},
{
"lessThan": "4.6.536",
"status": "affected",
"version": "4.6.0",
"versionType": "custom"
},
{
"lessThan": "4.9.324",
"status": "affected",
"version": "4.9.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Filip Waeytens"
},
{
"lang": "en",
"type": "reporter",
"value": "Frank Lycops"
},
{
"lang": "en",
"type": "reporter",
"value": "Jean-Michel Huguet"
},
{
"lang": "en",
"type": "reporter",
"value": "Jorge Escabias"
},
{
"lang": "en",
"type": "reporter",
"value": "Justin Hocquel from NCIA/NCSC"
}
],
"dateAssigned": "2025-12-29T23:13:32.264Z",
"datePublic": "2025-08-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an information disclosure vulnerability in Threat Response."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:20:14.854Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-025",
"url": "https://security.tanium.com/TAN-2025-025"
}
],
"title": "Tanium addressed an information disclosure vulnerability in Threat Response."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15333",
"datePublished": "2026-02-05T18:20:14.854Z",
"dateReserved": "2025-12-29T23:13:32.432Z",
"dateUpdated": "2026-02-06T17:37:41.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15334 (GCVE-0-2025-15334)
Vulnerability from cvelistv5
Published
2026-02-05 18:18
Modified
2026-02-06 18:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-276 - Incorrect Default Permissions
Summary
Tanium addressed an information disclosure vulnerability in Threat Response.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Threat Response |
Version: 4.5.0 < 4.5.266 Version: 4.6.0 < 4.6.536 Version: 4.9.0 < 4.9.324 cpe:2.3:a:tanium:service_threatresponse:4.5.265:*:*:*:*:*:*:* cpe:2.3:a:tanium:service_threatresponse:4.6.535:*:*:*:*:*:*:* cpe:2.3:a:tanium:service_threatresponse:4.9.323:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15334",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T18:15:15.985229Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T18:15:24.622Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_threatresponse:4.5.265:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_threatresponse:4.6.535:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_threatresponse:4.9.323:*:*:*:*:*:*:*"
],
"product": "Threat Response",
"vendor": "Tanium",
"versions": [
{
"lessThan": "4.5.266",
"status": "affected",
"version": "4.5.0",
"versionType": "custom"
},
{
"lessThan": "4.6.536",
"status": "affected",
"version": "4.6.0",
"versionType": "custom"
},
{
"lessThan": "4.9.324",
"status": "affected",
"version": "4.9.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Filip Waeytens"
},
{
"lang": "en",
"type": "reporter",
"value": "Frank Lycops"
},
{
"lang": "en",
"type": "reporter",
"value": "Jean-Michel Huguet"
},
{
"lang": "en",
"type": "reporter",
"value": "Jorge Escabias"
},
{
"lang": "en",
"type": "reporter",
"value": "Justin Hocquel from NCIA/NCSC"
}
],
"dateAssigned": "2025-12-29T23:13:32.895Z",
"datePublic": "2025-08-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an information disclosure vulnerability in Threat Response."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:18:04.149Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-026",
"url": "https://security.tanium.com/TAN-2025-026"
}
],
"title": "Tanium addressed an information disclosure vulnerability in Threat Response."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15334",
"datePublished": "2026-02-05T18:18:04.149Z",
"dateReserved": "2025-12-29T23:13:33.075Z",
"dateUpdated": "2026-02-06T18:15:24.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15335 (GCVE-0-2025-15335)
Vulnerability from cvelistv5
Published
2026-02-05 18:17
Modified
2026-02-06 18:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-276 - Incorrect Default Permissions
Summary
Tanium addressed an information disclosure vulnerability in Threat Response.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Threat Response |
Version: 4.5.0 < 4.5.266 Version: 4.6.0 < 4.6.536 Version: 4.9.0 < 4.9.324 cpe:2.3:a:tanium:service_threatresponse:4.5.265:*:*:*:*:*:*:* cpe:2.3:a:tanium:service_threatresponse:4.6.535:*:*:*:*:*:*:* cpe:2.3:a:tanium:service_threatresponse:4.9.323:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15335",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T18:15:31.106351Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T18:15:40.477Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_threatresponse:4.5.265:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_threatresponse:4.6.535:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_threatresponse:4.9.323:*:*:*:*:*:*:*"
],
"product": "Threat Response",
"vendor": "Tanium",
"versions": [
{
"lessThan": "4.5.266",
"status": "affected",
"version": "4.5.0",
"versionType": "custom"
},
{
"lessThan": "4.6.536",
"status": "affected",
"version": "4.6.0",
"versionType": "custom"
},
{
"lessThan": "4.9.324",
"status": "affected",
"version": "4.9.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Filip Waeytens"
},
{
"lang": "en",
"type": "reporter",
"value": "Frank Lycops"
},
{
"lang": "en",
"type": "reporter",
"value": "Jean-Michel Huguet"
},
{
"lang": "en",
"type": "reporter",
"value": "Jorge Escabias"
},
{
"lang": "en",
"type": "reporter",
"value": "Justin Hocquel at NCIA/NCSC"
}
],
"dateAssigned": "2025-12-29T23:13:47.658Z",
"datePublic": "2025-09-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an information disclosure vulnerability in Threat Response."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:17:28.244Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-027",
"url": "https://security.tanium.com/TAN-2025-027"
}
],
"title": "Tanium addressed an information disclosure vulnerability in Threat Response."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15335",
"datePublished": "2026-02-05T18:17:28.244Z",
"dateReserved": "2025-12-29T23:13:47.826Z",
"dateUpdated": "2026-02-06T18:15:40.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}