Search criteria
46 vulnerabilities
CVE-2026-2350 (GCVE-0-2026-2350)
Vulnerability from cvelistv5 – Published: 2026-02-19 23:10 – Updated: 2026-02-19 23:14
VLAI?
Title
Tanium addressed an insertion of sensitive information into log file vulnerability in Interact and TDS.
Summary
Tanium addressed an insertion of sensitive information into log file vulnerability in Interact and TDS.
Severity ?
6.5 (Medium)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_interact:3.2.195:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_interact:3.5.101:*:*:*:*:*:*:*"
],
"product": "Interact",
"vendor": "Tanium",
"versions": [
{
"lessThan": "3.2.196",
"status": "affected",
"version": "3.2.0",
"versionType": "custom"
},
{
"lessThan": "3.5.102",
"status": "affected",
"version": "3.5.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:tanium:service_tds:4.1.256:*:*:*:*:*:*:*"
],
"product": "TDS",
"vendor": "Tanium",
"versions": [
{
"lessThan": "4.1.257",
"status": "affected",
"version": "4.1.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2026-02-11T16:04:36.295Z",
"datePublic": "2026-02-19T23:10:05.500Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an insertion of sensitive information into log file vulnerability in Interact and TDS."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T23:14:23.480Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2026-008",
"url": "https://security.tanium.com/TAN-2026-008"
}
],
"title": "Tanium addressed an insertion of sensitive information into log file vulnerability in Interact and TDS."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2026-2350",
"datePublished": "2026-02-19T23:10:33.951Z",
"dateReserved": "2026-02-11T16:04:36.872Z",
"dateUpdated": "2026-02-19T23:14:23.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1292 (GCVE-0-2026-1292)
Vulnerability from cvelistv5 – Published: 2026-02-19 23:10 – Updated: 2026-02-19 23:10
VLAI?
Title
Tanium addressed an insertion of sensitive information into log file vulnerability in Trends.
Summary
Tanium addressed an insertion of sensitive information into log file vulnerability in Trends.
Severity ?
6.5 (Medium)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_trends:3.10.19:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_trends:3.11.77:*:*:*:*:*:*:*"
],
"product": "Trends",
"vendor": "Tanium",
"versions": [
{
"lessThan": "3.10.20",
"status": "affected",
"version": "3.10.0",
"versionType": "custom"
},
{
"lessThan": "3.11.79",
"status": "affected",
"version": "3.11.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2026-01-21T16:30:45.079Z",
"datePublic": "2026-02-19T23:09:55.630Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an insertion of sensitive information into log file vulnerability in Trends."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T23:10:23.372Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2026-007",
"url": "https://security.tanium.com/TAN-2026-007"
}
],
"title": "Tanium addressed an insertion of sensitive information into log file vulnerability in Trends."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2026-1292",
"datePublished": "2026-02-19T23:10:23.372Z",
"dateReserved": "2026-01-21T16:30:45.783Z",
"dateUpdated": "2026-02-19T23:10:23.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2605 (GCVE-0-2026-2605)
Vulnerability from cvelistv5 – Published: 2026-02-19 23:10 – Updated: 2026-02-19 23:13
VLAI?
Title
Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS.
Summary
Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS.
Severity ?
5.3 (Medium)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:tanos:1.8.4.0249:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.5.0282:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.6.0150:*:*:*:*:*:*:*"
],
"product": "TanOS",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.8.4.0249",
"status": "affected",
"version": "1.8.4",
"versionType": "custom"
},
{
"lessThan": "1.8.5.0282",
"status": "affected",
"version": "1.8.5",
"versionType": "custom"
},
{
"lessThan": "1.8.6.0150",
"status": "affected",
"version": "1.8.6",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2026-02-16T21:37:14.785Z",
"datePublic": "2026-02-19T23:09:49.159Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T23:13:38.465Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2026-006",
"url": "https://security.tanium.com/TAN-2026-006"
}
],
"title": "Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2026-2605",
"datePublished": "2026-02-19T23:10:02.867Z",
"dateReserved": "2026-02-16T21:37:15.555Z",
"dateUpdated": "2026-02-19T23:13:38.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2408 (GCVE-0-2026-2408)
Vulnerability from cvelistv5 – Published: 2026-02-19 23:09 – Updated: 2026-02-19 23:09
VLAI?
Title
Use-after-free in Cloud Workloads
Summary
Tanium addressed a use-after-free vulnerability in the Cloud Workloads Enforce client extension.
Severity ?
4.7 (Medium)
CWE
- CWE-416 - Use After Free
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Cloud Workloads |
Affected:
1.0.222 , < 1.0.222
(custom)
cpe:2.3:a:tanium:service_cloudworkloads:1.0.221:*:*:*:*:*:*:* |
{
"containers": {
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_cloudworkloads:1.0.221:*:*:*:*:*:*:*"
],
"product": "Cloud Workloads",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.0.222",
"status": "affected",
"version": "1.0.222",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2026-02-12T13:49:48.721Z",
"datePublic": "2026-02-19T23:09:40.352Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed a use-after-free vulnerability in the Cloud Workloads Enforce client extension."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T23:09:51.620Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2026-005",
"url": "https://security.tanium.com/TAN-2026-005"
}
],
"title": "Use-after-free in Cloud Workloads"
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2026-2408",
"datePublished": "2026-02-19T23:09:51.620Z",
"dateReserved": "2026-02-12T13:49:49.307Z",
"dateUpdated": "2026-02-19T23:09:51.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2435 (GCVE-0-2026-2435)
Vulnerability from cvelistv5 – Published: 2026-02-19 23:09 – Updated: 2026-02-19 23:09
VLAI?
Title
ASSET-7706
Summary
Tanium addressed a SQL injection vulnerability in Asset.
Severity ?
6.3 (Medium)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Asset |
Affected:
1.32 , < 1.32.179
(custom)
Affected: 1.33 , < 1.33.269 (custom) Affected: 1.36 , < 1.36.108 (custom) cpe:2.3:a:tanium:service_asset:1.32.178:*:*:*:*:*:*:* cpe:2.3:a:tanium:service_asset:1.33.268:*:*:*:*:*:*:* cpe:2.3:a:tanium:service_asset:1.36.107:*:*:*:*:*:*:* |
{
"containers": {
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_asset:1.32.178:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_asset:1.33.268:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_asset:1.36.107:*:*:*:*:*:*:*"
],
"product": "Asset",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.32.179",
"status": "affected",
"version": "1.32",
"versionType": "custom"
},
{
"lessThan": "1.33.269",
"status": "affected",
"version": "1.33",
"versionType": "custom"
},
{
"lessThan": "1.36.108",
"status": "affected",
"version": "1.36",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2026-02-12T22:26:04.213Z",
"datePublic": "2026-02-19T23:09:30.641Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed a SQL injection vulnerability in Asset."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T23:09:41.110Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2026-004",
"url": "https://security.tanium.com/TAN-2026-004"
}
],
"title": "ASSET-7706"
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2026-2435",
"datePublished": "2026-02-19T23:09:41.110Z",
"dateReserved": "2026-02-12T22:26:04.828Z",
"dateUpdated": "2026-02-19T23:09:41.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1344 (GCVE-0-2026-1344)
Vulnerability from cvelistv5 – Published: 2026-02-17 23:43 – Updated: 2026-02-18 13:41
VLAI?
Title
Insecure file permissions in Enforce Recovery Key Portal
Summary
Tanium addressed an insecure file permissions vulnerability in Enforce Recovery Key Portal.
Severity ?
6.5 (Medium)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Enforce Recovery Key Portal |
Affected:
1.0.0 , < 1.62.5
(custom)
cpe:2.3:a:tanium:service_enforce_recovery-key-portal:1.62.4:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1344",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-18T13:40:38.287908Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T13:41:49.780Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_enforce_recovery-key-portal:1.62.4:*:*:*:*:*:*:*"
],
"product": "Enforce Recovery Key Portal",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.62.5",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2026-01-22T16:16:38.364Z",
"datePublic": "2026-02-17T23:43:20.540Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an insecure file permissions vulnerability in Enforce Recovery Key Portal."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T23:43:30.432Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2026-003",
"url": "https://security.tanium.com/TAN-2026-003"
}
],
"title": "Insecure file permissions in Enforce Recovery Key Portal"
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2026-1344",
"datePublished": "2026-02-17T23:43:30.432Z",
"dateReserved": "2026-01-22T16:16:38.983Z",
"dateUpdated": "2026-02-18T13:41:49.780Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15314 (GCVE-0-2025-15314)
Vulnerability from cvelistv5 – Published: 2026-02-09 23:05 – Updated: 2026-02-10 20:18
VLAI?
Title
Tanium addressed an arbitrary file deletion vulnerability in end-user-cx.
Summary
Tanium addressed an arbitrary file deletion vulnerability in end-user-cx.
Severity ?
5.5 (Medium)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | end-user-cx |
Affected:
1.4.0 , < 1.4.1175
(custom)
Affected: 1.6.0 , < 1.6.926 (custom) Affected: 1.8.0 , < 1.8.21 (custom) cpe:2.3:a:tanium:endpoint_end-user-cx:1.4.1174:*:*:*:*:*:*:* cpe:2.3:a:tanium:endpoint_end-user-cx:1.6.925:*:*:*:*:*:*:* cpe:2.3:a:tanium:endpoint_end-user-cx:1.8.20:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15314",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T20:18:17.474330Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T20:18:24.846Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:endpoint_end-user-cx:1.4.1174:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:endpoint_end-user-cx:1.6.925:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:endpoint_end-user-cx:1.8.20:*:*:*:*:*:*:*"
],
"product": "end-user-cx",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.4.1175",
"status": "affected",
"version": "1.4.0",
"versionType": "custom"
},
{
"lessThan": "1.6.926",
"status": "affected",
"version": "1.6.0",
"versionType": "custom"
},
{
"lessThan": "1.8.21",
"status": "affected",
"version": "1.8.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:12:54.705Z",
"datePublic": "2025-02-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an arbitrary file deletion vulnerability in end-user-cx."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T23:06:46.478Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-010",
"url": "https://security.tanium.com/TAN-2025-010"
}
],
"title": "Tanium addressed an arbitrary file deletion vulnerability in end-user-cx."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15314",
"datePublished": "2026-02-09T23:05:16.503Z",
"dateReserved": "2025-12-29T23:12:54.874Z",
"dateUpdated": "2026-02-10T20:18:24.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15313 (GCVE-0-2025-15313)
Vulnerability from cvelistv5 – Published: 2026-02-09 23:05 – Updated: 2026-02-10 20:17
VLAI?
Title
Tanium addressed an arbitrary file deletion vulnerability in Tanium EUSS.
Summary
Tanium addressed an arbitrary file deletion vulnerability in Tanium EUSS.
Severity ?
5.5 (Medium)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Tanium EUSS |
Affected:
1.17.0 , < 1.17.41
(custom)
Affected: 1.18.0 , < 1.18.28 (custom) cpe:2.3:a:tanium:endpoint_euss:1.17.40:*:*:*:*:*:*:* cpe:2.3:a:tanium:endpoint_euss:1.18.27:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15313",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T20:17:52.390755Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T20:17:58.821Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:endpoint_euss:1.17.40:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:endpoint_euss:1.18.27:*:*:*:*:*:*:*"
],
"product": "Tanium EUSS",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.17.41",
"status": "affected",
"version": "1.17.0",
"versionType": "custom"
},
{
"lessThan": "1.18.28",
"status": "affected",
"version": "1.18.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:12:53.970Z",
"datePublic": "2025-02-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an arbitrary file deletion vulnerability in Tanium EUSS."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T23:09:09.849Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-010",
"url": "https://security.tanium.com/TAN-2025-010"
}
],
"title": "Tanium addressed an arbitrary file deletion vulnerability in Tanium EUSS."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15313",
"datePublished": "2026-02-09T23:05:16.158Z",
"dateReserved": "2025-12-29T23:12:54.257Z",
"dateUpdated": "2026-02-10T20:17:58.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15310 (GCVE-0-2025-15310)
Vulnerability from cvelistv5 – Published: 2026-02-09 23:00 – Updated: 2026-02-10 20:17
VLAI?
Title
Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools.
Summary
Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools.
Severity ?
7.8 (High)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Patch Endpoint Tools |
Affected:
3.17.0 , < 3.17.10195
(custom)
Affected: 10.1.0 , < 10.1.33 (custom) Affected: 10.2.0 , < 10.2.22 (custom) cpe:2.3:a:tanium:endpoint_patch:3.17.10194:*:*:*:*:*:*:* cpe:2.3:a:tanium:endpoint_patch:10.1.32:*:*:*:*:*:*:* cpe:2.3:a:tanium:endpoint_patch:10.2.21:*:*:*:*:*:*:* |
Credits
Filip Magic
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15310",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T20:17:22.301449Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T20:17:29.236Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:endpoint_patch:3.17.10194:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:endpoint_patch:10.1.32:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:endpoint_patch:10.2.21:*:*:*:*:*:*:*"
],
"product": "Patch Endpoint Tools",
"vendor": "Tanium",
"versions": [
{
"lessThan": "3.17.10195",
"status": "affected",
"version": "3.17.0",
"versionType": "custom"
},
{
"lessThan": "10.1.33",
"status": "affected",
"version": "10.1.0",
"versionType": "custom"
},
{
"lessThan": "10.2.22",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Filip Magic"
}
],
"dateAssigned": "2025-12-29T23:12:52.295Z",
"datePublic": "2025-01-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T23:11:05.748Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-001",
"url": "https://security.tanium.com/TAN-2025-001"
}
],
"title": "Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15310",
"datePublished": "2026-02-09T23:00:51.789Z",
"dateReserved": "2025-12-29T23:12:52.477Z",
"dateUpdated": "2026-02-10T20:17:29.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15318 (GCVE-0-2025-15318)
Vulnerability from cvelistv5 – Published: 2026-02-09 22:56 – Updated: 2026-02-10 21:22
VLAI?
Title
Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools.
Summary
Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools.
Severity ?
5.1 (Medium)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | End-User Notifications Endpoint Tools |
Affected:
1.18.0 , < 1.18.10079
(custom)
Affected: 10.0.0 , < 10.0.14 (custom) Affected: 10.1.0 , < 10.1.20 (custom) cpe:2.3:a:tanium:endpoint_end-user-notifications:1.18.10078:*:*:*:*:*:*:* cpe:2.3:a:tanium:endpoint_end-user-notifications:10.0.13:*:*:*:*:*:*:* cpe:2.3:a:tanium:endpoint_end-user-notifications:10.1.19:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15318",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T21:21:53.649467Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T21:22:00.345Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:endpoint_end-user-notifications:1.18.10078:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:endpoint_end-user-notifications:10.0.13:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:endpoint_end-user-notifications:10.1.19:*:*:*:*:*:*:*"
],
"product": "End-User Notifications Endpoint Tools",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.18.10079",
"status": "affected",
"version": "1.18.0",
"versionType": "custom"
},
{
"lessThan": "10.0.14",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
},
{
"lessThan": "10.1.20",
"status": "affected",
"version": "10.1.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:12:57.784Z",
"datePublic": "2025-05-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T23:11:46.729Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-017",
"url": "https://security.tanium.com/TAN-2025-017"
}
],
"title": "Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15318",
"datePublished": "2026-02-09T22:56:27.343Z",
"dateReserved": "2025-12-29T23:12:57.929Z",
"dateUpdated": "2026-02-10T21:22:00.345Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15319 (GCVE-0-2025-15319)
Vulnerability from cvelistv5 – Published: 2026-02-09 22:52 – Updated: 2026-02-10 21:21
VLAI?
Title
Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools.
Summary
Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools.
Severity ?
7.8 (High)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Patch Endpoint Tools |
Affected:
3.17.0 , < 3.17.10207
(custom)
Affected: 10.1.0 , < 10.1.50 (custom) Affected: 10.7.0 , < 10.7.25 (custom) Affected: 10.9.0 , < 10.9.31 (custom) Affected: 10.11.0 , < 10.11.27 (custom) cpe:2.3:a:tanium:endpoint_patch:3.17.10206:*:*:*:*:*:*:* cpe:2.3:a:tanium:endpoint_patch:10.1.49:*:*:*:*:*:*:* cpe:2.3:a:tanium:endpoint_patch:10.7.24:*:*:*:*:*:*:* cpe:2.3:a:tanium:endpoint_patch:10.9.30:*:*:*:*:*:*:* cpe:2.3:a:tanium:endpoint_patch:10.10.26:*:*:*:*:*:*:* |
Credits
Owen Jeanes
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15319",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T21:21:32.326259Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T21:21:40.851Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:endpoint_patch:3.17.10206:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:endpoint_patch:10.1.49:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:endpoint_patch:10.7.24:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:endpoint_patch:10.9.30:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:endpoint_patch:10.10.26:*:*:*:*:*:*:*"
],
"product": "Patch Endpoint Tools",
"vendor": "Tanium",
"versions": [
{
"lessThan": "3.17.10207",
"status": "affected",
"version": "3.17.0",
"versionType": "custom"
},
{
"lessThan": "10.1.50",
"status": "affected",
"version": "10.1.0",
"versionType": "custom"
},
{
"lessThan": "10.7.25",
"status": "affected",
"version": "10.7.0",
"versionType": "custom"
},
{
"lessThan": "10.9.31",
"status": "affected",
"version": "10.9.0",
"versionType": "custom"
},
{
"lessThan": "10.11.27",
"status": "affected",
"version": "10.11.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Owen Jeanes"
}
],
"dateAssigned": "2025-12-29T23:12:58.700Z",
"datePublic": "2025-08-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T23:09:49.225Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-021",
"url": "https://security.tanium.com/TAN-2025-021"
}
],
"title": "Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15319",
"datePublished": "2026-02-09T22:52:32.693Z",
"dateReserved": "2025-12-29T23:12:58.866Z",
"dateUpdated": "2026-02-10T21:21:40.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15315 (GCVE-0-2025-15315)
Vulnerability from cvelistv5 – Published: 2026-02-09 21:48 – Updated: 2026-02-10 16:59
VLAI?
Title
Tanium addressed a local privilege escalation vulnerability in Tanium Module Server.
Summary
Tanium addressed a local privilege escalation vulnerability in Tanium Module Server.
Severity ?
6.7 (Medium)
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Tanium Module Server |
Affected:
7.5.6.0 , < 7.5.6.1161
(custom)
Affected: 7.4.6.0 , < 7.4.6.1151 (custom) Affected: 7.6.2.0 , < 7.6.2.1293 (custom) Affected: 7.6.4.0 , < 7.6.4.2114 (custom) cpe:2.3:a:tanium:moduleserver:7.5.6.1160:*:*:*:*:*:*:* cpe:2.3:a:tanium:moduleserver:7.4.6.1150:*:*:*:*:*:*:* cpe:2.3:a:tanium:moduleserver:7.6.2.1292:*:*:*:*:*:*:* cpe:2.3:a:tanium:moduleserver:7.6.4.2113:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15315",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T16:58:41.692979Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T16:59:35.140Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:moduleserver:7.5.6.1160:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:moduleserver:7.4.6.1150:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:moduleserver:7.6.2.1292:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:moduleserver:7.6.4.2113:*:*:*:*:*:*:*"
],
"product": "Tanium Module Server",
"vendor": "Tanium",
"versions": [
{
"lessThan": "7.5.6.1161",
"status": "affected",
"version": "7.5.6.0",
"versionType": "custom"
},
{
"lessThan": "7.4.6.1151",
"status": "affected",
"version": "7.4.6.0",
"versionType": "custom"
},
{
"lessThan": "7.6.2.1293",
"status": "affected",
"version": "7.6.2.0",
"versionType": "custom"
},
{
"lessThan": "7.6.4.2114",
"status": "affected",
"version": "7.6.4.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:12:55.398Z",
"datePublic": "2025-02-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed a local privilege escalation vulnerability in Tanium Module Server."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T21:48:49.693Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-011",
"url": "https://security.tanium.com/TAN-2025-011"
}
],
"title": "Tanium addressed a local privilege escalation vulnerability in Tanium Module Server."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15315",
"datePublished": "2026-02-09T21:48:49.693Z",
"dateReserved": "2025-12-29T23:12:55.559Z",
"dateUpdated": "2026-02-10T16:59:35.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15316 (GCVE-0-2025-15316)
Vulnerability from cvelistv5 – Published: 2026-02-09 21:48 – Updated: 2026-02-10 15:59
VLAI?
Title
Tanium addressed a local privilege escalation vulnerability in Tanium Server.
Summary
Tanium addressed a local privilege escalation vulnerability in Tanium Server.
Severity ?
6.7 (Medium)
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Tanium Server |
Affected:
7.4.6.0 , < 7.4.6.1151
(custom)
Affected: 7.5.6.0 , < 7.5.6.1161 (custom) Affected: 7.6.2.0 , < 7.6.2.1293 (custom) Affected: 7.6.4.0 , < 7.6.4.2114 (custom) cpe:2.3:a:tanium:server:7.4.6.1150:*:*:*:*:*:*:* cpe:2.3:a:tanium:server:7.5.6.1160:*:*:*:*:*:*:* cpe:2.3:a:tanium:server:7.6.2.1292:*:*:*:*:*:*:* cpe:2.3:a:tanium:server:7.6.4.2113:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15316",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T15:58:59.416693Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T15:59:23.904Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:server:7.4.6.1150:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:server:7.5.6.1160:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:server:7.6.2.1292:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:server:7.6.4.2113:*:*:*:*:*:*:*"
],
"product": "Tanium Server",
"vendor": "Tanium",
"versions": [
{
"lessThan": "7.4.6.1151",
"status": "affected",
"version": "7.4.6.0",
"versionType": "custom"
},
{
"lessThan": "7.5.6.1161",
"status": "affected",
"version": "7.5.6.0",
"versionType": "custom"
},
{
"lessThan": "7.6.2.1293",
"status": "affected",
"version": "7.6.2.0",
"versionType": "custom"
},
{
"lessThan": "7.6.4.2114",
"status": "affected",
"version": "7.6.4.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:12:56.161Z",
"datePublic": "2025-02-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed a local privilege escalation vulnerability in Tanium Server."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T21:48:49.471Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-011",
"url": "https://security.tanium.com/TAN-2025-011"
}
],
"title": "Tanium addressed a local privilege escalation vulnerability in Tanium Server."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15316",
"datePublished": "2026-02-09T21:48:49.471Z",
"dateReserved": "2025-12-29T23:12:56.327Z",
"dateUpdated": "2026-02-10T15:59:23.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15317 (GCVE-0-2025-15317)
Vulnerability from cvelistv5 – Published: 2026-02-09 21:43 – Updated: 2026-02-10 16:01
VLAI?
Title
Tanium addressed an uncontrolled resource consumption vulnerability in Tanium Server.
Summary
Tanium addressed an uncontrolled resource consumption vulnerability in Tanium Server.
Severity ?
6.5 (Medium)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Tanium Server |
Affected:
7.4.6.0 , < 7.4.6.1154
(custom)
Affected: 7.5.6.0 , < 7.5.6.1164 (custom) Affected: 7.6.2.0 , < 7.6.2.1303 (custom) Affected: 7.6.4.0 , < 7.6.4.2124 (custom) cpe:2.3:a:tanium:server:7.4.6.1153:*:*:*:*:*:*:* cpe:2.3:a:tanium:server:7.5.6.1163:*:*:*:*:*:*:* cpe:2.3:a:tanium:server:7.6.2.1302:*:*:*:*:*:*:* cpe:2.3:a:tanium:server:7.6.4.2123:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15317",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T16:00:52.783721Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T16:01:34.788Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:server:7.4.6.1153:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:server:7.5.6.1163:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:server:7.6.2.1302:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:server:7.6.4.2123:*:*:*:*:*:*:*"
],
"product": "Tanium Server",
"vendor": "Tanium",
"versions": [
{
"lessThan": "7.4.6.1154",
"status": "affected",
"version": "7.4.6.0",
"versionType": "custom"
},
{
"lessThan": "7.5.6.1164",
"status": "affected",
"version": "7.5.6.0",
"versionType": "custom"
},
{
"lessThan": "7.6.2.1303",
"status": "affected",
"version": "7.6.2.0",
"versionType": "custom"
},
{
"lessThan": "7.6.4.2124",
"status": "affected",
"version": "7.6.4.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:12:56.967Z",
"datePublic": "2025-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an uncontrolled resource consumption vulnerability in Tanium Server."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T21:43:41.258Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-013",
"url": "https://security.tanium.com/TAN-2025-013"
}
],
"title": "Tanium addressed an uncontrolled resource consumption vulnerability in Tanium Server."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15317",
"datePublished": "2026-02-09T21:43:41.258Z",
"dateReserved": "2025-12-29T23:12:57.132Z",
"dateUpdated": "2026-02-10T16:01:34.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15320 (GCVE-0-2025-15320)
Vulnerability from cvelistv5 – Published: 2026-02-06 19:18 – Updated: 2026-02-06 19:40
VLAI?
Title
Tanium addressed a denial of service vulnerability in Tanium Client.
Summary
Tanium addressed a denial of service vulnerability in Tanium Client.
Severity ?
CWE
- CWE-605 - Multiple Binds to the Same Port
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Tanium Client |
Affected:
7.6.2.0 , < 7.6.2.1327
(custom)
Affected: 7.6.4.0 , < 7.6.4.2160 (custom) Affected: 7.7.3.0 , < 7.7.3.8231 (custom) Affected: 7.4.10.0 , < 7.4.10.1118 (custom) cpe:2.3:a:tanium:client:7.4.10.1116:*:*:*:*:*:*:* cpe:2.3:a:tanium:client:7.6.2.1326:*:*:*:*:*:*:* cpe:2.3:a:tanium:client:7.6.4.2159:*:*:*:*:*:*:* cpe:2.3:a:tanium:client:7.7.3.8230:*:*:*:*:*:*:* |
Credits
Filip Waeytens
Frank Lycops
Jean-Michel Huguet
Jorge Escabias
Justin Hocquel from NCIA/NCSC
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15320",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:40:12.881671Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:40:46.455Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:client:7.4.10.1116:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:client:7.6.2.1326:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:client:7.6.4.2159:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:client:7.7.3.8230:*:*:*:*:*:*:*"
],
"product": "Tanium Client",
"vendor": "Tanium",
"versions": [
{
"lessThan": "7.6.2.1327",
"status": "affected",
"version": "7.6.2.0",
"versionType": "custom"
},
{
"lessThan": "7.6.4.2160",
"status": "affected",
"version": "7.6.4.0",
"versionType": "custom"
},
{
"lessThan": "7.7.3.8231",
"status": "affected",
"version": "7.7.3.0",
"versionType": "custom"
},
{
"lessThan": "7.4.10.1118",
"status": "affected",
"version": "7.4.10.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Filip Waeytens"
},
{
"lang": "en",
"type": "reporter",
"value": "Frank Lycops"
},
{
"lang": "en",
"type": "reporter",
"value": "Jean-Michel Huguet"
},
{
"lang": "en",
"type": "reporter",
"value": "Jorge Escabias"
},
{
"lang": "en",
"type": "reporter",
"value": "Justin Hocquel from NCIA/NCSC"
}
],
"dateAssigned": "2025-12-29T23:12:59.718Z",
"datePublic": "2025-08-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed a denial of service vulnerability in Tanium Client."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-605",
"description": "Multiple Binds to the Same Port",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:18:13.493Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-023",
"url": "https://security.tanium.com/TAN-2025-023"
}
],
"title": "Tanium addressed a denial of service vulnerability in Tanium Client."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15320",
"datePublished": "2026-02-06T19:18:13.493Z",
"dateReserved": "2025-12-29T23:12:59.888Z",
"dateUpdated": "2026-02-06T19:40:46.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15311 (GCVE-0-2025-15311)
Vulnerability from cvelistv5 – Published: 2026-02-05 18:26 – Updated: 2026-02-06 19:01
VLAI?
Title
Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance.
Summary
Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance.
Severity ?
7.8 (High)
CWE
- CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Tanium Appliance |
Affected:
1.8.3.0 , < 1.8.3.0146
(custom)
Affected: 1.8.4.0 , < 1.8.4.0149 (custom) Affected: 1.8.5.0 , < 1.8.5.0212 (custom) cpe:2.3:a:tanium:tanos:1.8.3.0145:*:*:*:*:*:*:* cpe:2.3:a:tanium:tanos:1.8.4.0148:*:*:*:*:*:*:* cpe:2.3:a:tanium:tanos:1.8.5.0211:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15311",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:01:19.848854Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:01:30.739Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:tanos:1.8.3.0145:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.4.0148:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.5.0211:*:*:*:*:*:*:*"
],
"product": "Tanium Appliance",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.8.3.0146",
"status": "affected",
"version": "1.8.3.0",
"versionType": "custom"
},
{
"lessThan": "1.8.4.0149",
"status": "affected",
"version": "1.8.4.0",
"versionType": "custom"
},
{
"lessThan": "1.8.5.0212",
"status": "affected",
"version": "1.8.5.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:12:52.865Z",
"datePublic": "2025-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-150",
"description": "Improper Neutralization of Escape, Meta, or Control Sequences",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:26:23.251Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-002",
"url": "https://security.tanium.com/TAN-2025-002"
}
],
"title": "Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15311",
"datePublished": "2026-02-05T18:26:23.251Z",
"dateReserved": "2025-12-29T23:12:53.054Z",
"dateUpdated": "2026-02-06T19:01:30.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15312 (GCVE-0-2025-15312)
Vulnerability from cvelistv5 – Published: 2026-02-05 18:26 – Updated: 2026-02-06 19:02
VLAI?
Title
Tanium addressed an improper output sanitization vulnerability in TanOS.
Summary
Tanium addressed an improper output sanitization vulnerability in Tanium Appliance.
Severity ?
6.6 (Medium)
CWE
- CWE-116 - Improper Encoding or Escaping of Output
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Tanium Appliance |
Affected:
1.8.3.0 , < 1.8.3.0146
(custom)
Affected: 1.8.4.0 , < 1.8.4.0157 (custom) cpe:2.3:a:tanium:tanos:1.8.3.0145:*:*:*:*:*:*:* cpe:2.3:a:tanium:tanos:1.8.4.0156:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15312",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:02:02.740803Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:02:11.979Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:tanos:1.8.3.0145:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.4.0156:*:*:*:*:*:*:*"
],
"product": "Tanium Appliance",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.8.3.0146",
"status": "affected",
"version": "1.8.3.0",
"versionType": "custom"
},
{
"lessThan": "1.8.4.0157",
"status": "affected",
"version": "1.8.4.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:12:53.375Z",
"datePublic": "2025-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an improper output sanitization vulnerability in Tanium Appliance."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:26:06.378Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-003",
"url": "https://security.tanium.com/TAN-2025-003"
}
],
"title": "Tanium addressed an improper output sanitization vulnerability in TanOS."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15312",
"datePublished": "2026-02-05T18:26:06.378Z",
"dateReserved": "2025-12-29T23:12:53.559Z",
"dateUpdated": "2026-02-06T19:02:11.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15324 (GCVE-0-2025-15324)
Vulnerability from cvelistv5 – Published: 2026-02-05 18:25 – Updated: 2026-02-06 19:03
VLAI?
Title
Tanium addressed a local privilege escalation vulnerability in Engage.
Summary
Tanium addressed a documentation issue in Engage.
Severity ?
6.6 (Medium)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15324",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:03:35.009129Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:03:42.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_engage:1.3.36:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_engage:1.6.192:*:*:*:*:*:*:*"
],
"product": "Engage",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.3.37",
"status": "affected",
"version": "1.3.0",
"versionType": "custom"
},
{
"lessThan": "1.6.193",
"status": "affected",
"version": "1.6.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:13:03.546Z",
"datePublic": "2025-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed a documentation issue in Engage."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:25:52.474Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-004",
"url": "https://security.tanium.com/TAN-2025-004"
}
],
"title": "Tanium addressed a local privilege escalation vulnerability in Engage."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15324",
"datePublished": "2026-02-05T18:25:52.474Z",
"dateReserved": "2025-12-29T23:13:03.776Z",
"dateUpdated": "2026-02-06T19:03:42.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15325 (GCVE-0-2025-15325)
Vulnerability from cvelistv5 – Published: 2026-02-05 18:25 – Updated: 2026-02-06 19:04
VLAI?
Title
Tanium addressed an improper input validation vulnerability in Discover.
Summary
Tanium addressed an improper input validation vulnerability in Discover.
Severity ?
6.3 (Medium)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15325",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:04:36.861254Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:04:45.319Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_discover:4.10.89:*:*:*:*:*:*:*"
],
"product": "Discover",
"vendor": "Tanium",
"versions": [
{
"lessThan": "4.10.90",
"status": "affected",
"version": "4.10.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:13:04.660Z",
"datePublic": "2025-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an improper input validation vulnerability in Discover."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:25:29.908Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-005",
"url": "https://security.tanium.com/TAN-2025-005"
}
],
"title": "Tanium addressed an improper input validation vulnerability in Discover."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15325",
"datePublished": "2026-02-05T18:25:29.908Z",
"dateReserved": "2025-12-29T23:13:04.840Z",
"dateUpdated": "2026-02-06T19:04:45.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15326 (GCVE-0-2025-15326)
Vulnerability from cvelistv5 – Published: 2026-02-05 18:25 – Updated: 2026-02-06 19:07
VLAI?
Title
Tanium addressed an improper access controls vulnerability in Patch.
Summary
Tanium addressed an improper access controls vulnerability in Patch.
Severity ?
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15326",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:07:15.349117Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:07:24.033Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_patch:3.17.2261:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_patch:3.19.194:*:*:*:*:*:*:*"
],
"product": "Patch",
"vendor": "Tanium",
"versions": [
{
"lessThan": "3.17.2262",
"status": "affected",
"version": "3.17.0",
"versionType": "custom"
},
{
"lessThan": "3.19.195",
"status": "affected",
"version": "3.19.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:13:29.639Z",
"datePublic": "2025-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an improper access controls vulnerability in Patch."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:25:11.487Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-006",
"url": "https://security.tanium.com/TAN-2025-006"
}
],
"title": "Tanium addressed an improper access controls vulnerability in Patch."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15326",
"datePublished": "2026-02-05T18:25:11.487Z",
"dateReserved": "2025-12-29T23:13:29.803Z",
"dateUpdated": "2026-02-06T19:07:24.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15327 (GCVE-0-2025-15327)
Vulnerability from cvelistv5 – Published: 2026-02-05 18:25 – Updated: 2026-02-06 19:10
VLAI?
Title
Tanium addressed an improper access controls vulnerability in Deploy.
Summary
Tanium addressed an improper access controls vulnerability in Deploy.
Severity ?
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15327",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:10:10.675713Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:10:18.914Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_deploy:2.26.1252:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_deploy:2.30.149:*:*:*:*:*:*:*"
],
"product": "Deploy",
"vendor": "Tanium",
"versions": [
{
"lessThan": "2.26.1253",
"status": "affected",
"version": "2.26.0",
"versionType": "custom"
},
{
"lessThan": "2.30.150",
"status": "affected",
"version": "2.30.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:13:29.851Z",
"datePublic": "2025-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an improper access controls vulnerability in Deploy."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:25:11.258Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-006",
"url": "https://security.tanium.com/TAN-2025-006"
}
],
"title": "Tanium addressed an improper access controls vulnerability in Deploy."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15327",
"datePublished": "2026-02-05T18:25:11.258Z",
"dateReserved": "2025-12-29T23:13:30.151Z",
"dateUpdated": "2026-02-06T19:10:18.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15328 (GCVE-0-2025-15328)
Vulnerability from cvelistv5 – Published: 2026-02-05 18:24 – Updated: 2026-02-06 19:12
VLAI?
Title
Tanium addressed an improper link resolution before file access vulnerability in Enforce.
Summary
Tanium addressed an improper link resolution before file access vulnerability in Enforce.
Severity ?
5 (Medium)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15328",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:12:46.298503Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:12:54.357Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_enforce:2.7.313:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_enforce:2.8.543:*:*:*:*:*:*:*"
],
"product": "Enforce",
"vendor": "Tanium",
"versions": [
{
"lessThan": "2.7.314",
"status": "affected",
"version": "2.7.0",
"versionType": "custom"
},
{
"lessThan": "2.8.544",
"status": "affected",
"version": "2.8.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:13:30.169Z",
"datePublic": "2025-02-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an improper link resolution before file access vulnerability in Enforce."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:24:42.534Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-007",
"url": "https://security.tanium.com/TAN-2025-007"
}
],
"title": "Tanium addressed an improper link resolution before file access vulnerability in Enforce."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15328",
"datePublished": "2026-02-05T18:24:42.534Z",
"dateReserved": "2025-12-29T23:13:30.399Z",
"dateUpdated": "2026-02-06T19:12:54.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15330 (GCVE-0-2025-15330)
Vulnerability from cvelistv5 – Published: 2026-02-05 18:24 – Updated: 2026-02-06 19:13
VLAI?
Title
Tanium addressed an improper input validation vulnerability in Deploy.
Summary
Tanium addressed an improper input validation vulnerability in Deploy.
Severity ?
8.8 (High)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15330",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:13:20.790327Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:13:31.613Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_deploy:2.26.1278:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_deploy:2.30.174:*:*:*:*:*:*:*"
],
"product": "Deploy",
"vendor": "Tanium",
"versions": [
{
"lessThan": "2.26.1279",
"status": "affected",
"version": "2.26.0",
"versionType": "custom"
},
{
"lessThan": "2.30.175",
"status": "affected",
"version": "2.30.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:13:30.875Z",
"datePublic": "2025-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an improper input validation vulnerability in Deploy."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:24:27.066Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-012",
"url": "https://security.tanium.com/TAN-2025-012"
}
],
"title": "Tanium addressed an improper input validation vulnerability in Deploy."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15330",
"datePublished": "2026-02-05T18:24:27.066Z",
"dateReserved": "2025-12-29T23:13:31.023Z",
"dateUpdated": "2026-02-06T19:13:31.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15331 (GCVE-0-2025-15331)
Vulnerability from cvelistv5 – Published: 2026-02-05 18:23 – Updated: 2026-02-06 19:14
VLAI?
Title
Tanium addressed an uncontrolled resource consumption vulnerability in Connect.
Summary
Tanium addressed an uncontrolled resource consumption vulnerability in Connect.
Severity ?
4.3 (Medium)
CWE
- CWE-459 - Incomplete Cleanup
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15331",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:14:45.363886Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:14:52.895Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_connect:5.22.99:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_connect:5.26.86:*:*:*:*:*:*:*"
],
"product": "Connect",
"vendor": "Tanium",
"versions": [
{
"lessThan": "5.22.100",
"status": "affected",
"version": "5.22.0",
"versionType": "custom"
},
{
"lessThan": "5.26.87",
"status": "affected",
"version": "5.26.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:13:31.267Z",
"datePublic": "2025-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an uncontrolled resource consumption vulnerability in Connect."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-459",
"description": "Incomplete Cleanup",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:23:51.939Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-015",
"url": "https://security.tanium.com/TAN-2025-015"
}
],
"title": "Tanium addressed an uncontrolled resource consumption vulnerability in Connect."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15331",
"datePublished": "2026-02-05T18:23:51.939Z",
"dateReserved": "2025-12-29T23:13:31.408Z",
"dateUpdated": "2026-02-06T19:14:52.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15329 (GCVE-0-2025-15329)
Vulnerability from cvelistv5 – Published: 2026-02-05 18:23 – Updated: 2026-02-06 19:15
VLAI?
Title
Tanium addressed an information disclosure vulnerability in Threat Response.
Summary
Tanium addressed an information disclosure vulnerability in Threat Response.
Severity ?
4.9 (Medium)
CWE
- CWE-201 - Insertion of Sensitive Information Into Sent Data
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Threat Response |
Affected:
4.5.0 , < 4.5.250
(custom)
Affected: 4.6.0 , < 4.6.518 (custom) Affected: 4.9.0 , < 4.9.297 (custom) cpe:2.3:a:tanium:service_threatresponse:4.5.249:*:*:*:*:*:*:* cpe:2.3:a:tanium:service_threatresponse:4.6.517:*:*:*:*:*:*:* cpe:2.3:a:tanium:service_threatresponse:4.9.296:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15329",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:15:31.703269Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:15:39.292Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_threatresponse:4.5.249:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_threatresponse:4.6.517:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_threatresponse:4.9.296:*:*:*:*:*:*:*"
],
"product": "Threat Response",
"vendor": "Tanium",
"versions": [
{
"lessThan": "4.5.250",
"status": "affected",
"version": "4.5.0",
"versionType": "custom"
},
{
"lessThan": "4.6.518",
"status": "affected",
"version": "4.6.0",
"versionType": "custom"
},
{
"lessThan": "4.9.297",
"status": "affected",
"version": "4.9.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:13:30.479Z",
"datePublic": "2025-07-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an information disclosure vulnerability in Threat Response."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:23:27.646Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-019",
"url": "https://security.tanium.com/TAN-2025-019"
}
],
"title": "Tanium addressed an information disclosure vulnerability in Threat Response."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15329",
"datePublished": "2026-02-05T18:23:27.646Z",
"dateReserved": "2025-12-29T23:13:30.646Z",
"dateUpdated": "2026-02-06T19:15:39.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15332 (GCVE-0-2025-15332)
Vulnerability from cvelistv5 – Published: 2026-02-05 18:22 – Updated: 2026-02-06 17:37
VLAI?
Title
Tanium addressed an information disclosure vulnerability in Threat Response.
Summary
Tanium addressed an information disclosure vulnerability in Threat Response.
Severity ?
4.9 (Medium)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Threat Response |
Affected:
4.5.0 , < 4.5.250
(custom)
Affected: 4.6.0 , < 4.6.518 (custom) Affected: 4.9.0 , < 4.9.297 (custom) cpe:2.3:a:tanium:service_threatresponse:4.5.249:*:*:*:*:*:*:* cpe:2.3:a:tanium:service_threatresponse:4.6.517:*:*:*:*:*:*:* cpe:2.3:a:tanium:service_threatresponse:4.9.296:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15332",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T17:37:00.739296Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T17:37:09.090Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_threatresponse:4.5.249:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_threatresponse:4.6.517:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_threatresponse:4.9.296:*:*:*:*:*:*:*"
],
"product": "Threat Response",
"vendor": "Tanium",
"versions": [
{
"lessThan": "4.5.250",
"status": "affected",
"version": "4.5.0",
"versionType": "custom"
},
{
"lessThan": "4.6.518",
"status": "affected",
"version": "4.6.0",
"versionType": "custom"
},
{
"lessThan": "4.9.297",
"status": "affected",
"version": "4.9.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:13:31.819Z",
"datePublic": "2025-07-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an information disclosure vulnerability in Threat Response."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:22:45.788Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-020",
"url": "https://security.tanium.com/TAN-2025-020"
}
],
"title": "Tanium addressed an information disclosure vulnerability in Threat Response."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15332",
"datePublished": "2026-02-05T18:22:45.788Z",
"dateReserved": "2025-12-29T23:13:31.979Z",
"dateUpdated": "2026-02-06T17:37:09.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15321 (GCVE-0-2025-15321)
Vulnerability from cvelistv5 – Published: 2026-02-05 18:20 – Updated: 2026-02-06 17:37
VLAI?
Title
Tanium addressed an improper input validation vulnerability in Tanium Appliance.
Summary
Tanium addressed an improper input validation vulnerability in Tanium Appliance.
Severity ?
CWE
- CWE-426 - Untrusted Search Path
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Tanium Appliance |
Affected:
1.8.3.0 , < 1.8.3.0196
(custom)
Affected: 1.8.5.0 , < 1.8.5.0199 (custom) Affected: 1.8.5.0 , < 1.8.5.0227 (custom) cpe:2.3:a:tanium:tanos:1.8.3.0195:*:*:*:*:*:*:* cpe:2.3:a:tanium:tanos:1.8.5.0198:*:*:*:*:*:*:* cpe:2.3:a:tanium:tanos:1.8.5.0226:*:*:*:*:*:*:* |
Credits
Filip Waeytens
Frank Lycops
Jean-Michel Huguet
Jorge Escabias
Justin Hocquel from NCIA/NCSC
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15321",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T17:37:17.139008Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T17:37:27.718Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:tanos:1.8.3.0195:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.5.0198:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.5.0226:*:*:*:*:*:*:*"
],
"product": "Tanium Appliance",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.8.3.0196",
"status": "affected",
"version": "1.8.3.0",
"versionType": "custom"
},
{
"lessThan": "1.8.5.0199",
"status": "affected",
"version": "1.8.5.0",
"versionType": "custom"
},
{
"lessThan": "1.8.5.0227",
"status": "affected",
"version": "1.8.5.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Filip Waeytens"
},
{
"lang": "en",
"type": "reporter",
"value": "Frank Lycops"
},
{
"lang": "en",
"type": "reporter",
"value": "Jean-Michel Huguet"
},
{
"lang": "en",
"type": "reporter",
"value": "Jorge Escabias"
},
{
"lang": "en",
"type": "reporter",
"value": "Justin Hocquel from NCIA/NCSC"
}
],
"dateAssigned": "2025-12-29T23:13:00.595Z",
"datePublic": "2025-08-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an improper input validation vulnerability in Tanium Appliance."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:20:39.404Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-024",
"url": "https://security.tanium.com/TAN-2025-024"
}
],
"title": "Tanium addressed an improper input validation vulnerability in Tanium Appliance."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15321",
"datePublished": "2026-02-05T18:20:39.404Z",
"dateReserved": "2025-12-29T23:13:00.749Z",
"dateUpdated": "2026-02-06T17:37:27.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15333 (GCVE-0-2025-15333)
Vulnerability from cvelistv5 – Published: 2026-02-05 18:20 – Updated: 2026-02-06 17:37
VLAI?
Title
Tanium addressed an information disclosure vulnerability in Threat Response.
Summary
Tanium addressed an information disclosure vulnerability in Threat Response.
Severity ?
4.3 (Medium)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Threat Response |
Affected:
4.5.0 , < 4.5.266
(custom)
Affected: 4.6.0 , < 4.6.536 (custom) Affected: 4.9.0 , < 4.9.324 (custom) cpe:2.3:a:tanium:service_threatresponse:4.5.265:*:*:*:*:*:*:* cpe:2.3:a:tanium:service_threatresponse:4.6.535:*:*:*:*:*:*:* cpe:2.3:a:tanium:service_threatresponse:4.9.323:*:*:*:*:*:*:* |
Credits
Filip Waeytens
Frank Lycops
Jean-Michel Huguet
Jorge Escabias
Justin Hocquel from NCIA/NCSC
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15333",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T17:37:34.407949Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T17:37:41.457Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_threatresponse:4.5.265:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_threatresponse:4.6.535:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_threatresponse:4.9.323:*:*:*:*:*:*:*"
],
"product": "Threat Response",
"vendor": "Tanium",
"versions": [
{
"lessThan": "4.5.266",
"status": "affected",
"version": "4.5.0",
"versionType": "custom"
},
{
"lessThan": "4.6.536",
"status": "affected",
"version": "4.6.0",
"versionType": "custom"
},
{
"lessThan": "4.9.324",
"status": "affected",
"version": "4.9.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Filip Waeytens"
},
{
"lang": "en",
"type": "reporter",
"value": "Frank Lycops"
},
{
"lang": "en",
"type": "reporter",
"value": "Jean-Michel Huguet"
},
{
"lang": "en",
"type": "reporter",
"value": "Jorge Escabias"
},
{
"lang": "en",
"type": "reporter",
"value": "Justin Hocquel from NCIA/NCSC"
}
],
"dateAssigned": "2025-12-29T23:13:32.264Z",
"datePublic": "2025-08-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an information disclosure vulnerability in Threat Response."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:20:14.854Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-025",
"url": "https://security.tanium.com/TAN-2025-025"
}
],
"title": "Tanium addressed an information disclosure vulnerability in Threat Response."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15333",
"datePublished": "2026-02-05T18:20:14.854Z",
"dateReserved": "2025-12-29T23:13:32.432Z",
"dateUpdated": "2026-02-06T17:37:41.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15334 (GCVE-0-2025-15334)
Vulnerability from cvelistv5 – Published: 2026-02-05 18:18 – Updated: 2026-02-06 18:15
VLAI?
Title
Tanium addressed an information disclosure vulnerability in Threat Response.
Summary
Tanium addressed an information disclosure vulnerability in Threat Response.
Severity ?
4.3 (Medium)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Threat Response |
Affected:
4.5.0 , < 4.5.266
(custom)
Affected: 4.6.0 , < 4.6.536 (custom) Affected: 4.9.0 , < 4.9.324 (custom) cpe:2.3:a:tanium:service_threatresponse:4.5.265:*:*:*:*:*:*:* cpe:2.3:a:tanium:service_threatresponse:4.6.535:*:*:*:*:*:*:* cpe:2.3:a:tanium:service_threatresponse:4.9.323:*:*:*:*:*:*:* |
Credits
Filip Waeytens
Frank Lycops
Jean-Michel Huguet
Jorge Escabias
Justin Hocquel from NCIA/NCSC
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15334",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T18:15:15.985229Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T18:15:24.622Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_threatresponse:4.5.265:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_threatresponse:4.6.535:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_threatresponse:4.9.323:*:*:*:*:*:*:*"
],
"product": "Threat Response",
"vendor": "Tanium",
"versions": [
{
"lessThan": "4.5.266",
"status": "affected",
"version": "4.5.0",
"versionType": "custom"
},
{
"lessThan": "4.6.536",
"status": "affected",
"version": "4.6.0",
"versionType": "custom"
},
{
"lessThan": "4.9.324",
"status": "affected",
"version": "4.9.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Filip Waeytens"
},
{
"lang": "en",
"type": "reporter",
"value": "Frank Lycops"
},
{
"lang": "en",
"type": "reporter",
"value": "Jean-Michel Huguet"
},
{
"lang": "en",
"type": "reporter",
"value": "Jorge Escabias"
},
{
"lang": "en",
"type": "reporter",
"value": "Justin Hocquel from NCIA/NCSC"
}
],
"dateAssigned": "2025-12-29T23:13:32.895Z",
"datePublic": "2025-08-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an information disclosure vulnerability in Threat Response."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:18:04.149Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-026",
"url": "https://security.tanium.com/TAN-2025-026"
}
],
"title": "Tanium addressed an information disclosure vulnerability in Threat Response."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15334",
"datePublished": "2026-02-05T18:18:04.149Z",
"dateReserved": "2025-12-29T23:13:33.075Z",
"dateUpdated": "2026-02-06T18:15:24.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15335 (GCVE-0-2025-15335)
Vulnerability from cvelistv5 – Published: 2026-02-05 18:17 – Updated: 2026-02-06 18:15
VLAI?
Title
Tanium addressed an information disclosure vulnerability in Threat Response.
Summary
Tanium addressed an information disclosure vulnerability in Threat Response.
Severity ?
4.3 (Medium)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tanium | Threat Response |
Affected:
4.5.0 , < 4.5.266
(custom)
Affected: 4.6.0 , < 4.6.536 (custom) Affected: 4.9.0 , < 4.9.324 (custom) cpe:2.3:a:tanium:service_threatresponse:4.5.265:*:*:*:*:*:*:* cpe:2.3:a:tanium:service_threatresponse:4.6.535:*:*:*:*:*:*:* cpe:2.3:a:tanium:service_threatresponse:4.9.323:*:*:*:*:*:*:* |
Credits
Filip Waeytens
Frank Lycops
Jean-Michel Huguet
Jorge Escabias
Justin Hocquel at NCIA/NCSC
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15335",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T18:15:31.106351Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T18:15:40.477Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:service_threatresponse:4.5.265:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_threatresponse:4.6.535:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:service_threatresponse:4.9.323:*:*:*:*:*:*:*"
],
"product": "Threat Response",
"vendor": "Tanium",
"versions": [
{
"lessThan": "4.5.266",
"status": "affected",
"version": "4.5.0",
"versionType": "custom"
},
{
"lessThan": "4.6.536",
"status": "affected",
"version": "4.6.0",
"versionType": "custom"
},
{
"lessThan": "4.9.324",
"status": "affected",
"version": "4.9.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Filip Waeytens"
},
{
"lang": "en",
"type": "reporter",
"value": "Frank Lycops"
},
{
"lang": "en",
"type": "reporter",
"value": "Jean-Michel Huguet"
},
{
"lang": "en",
"type": "reporter",
"value": "Jorge Escabias"
},
{
"lang": "en",
"type": "reporter",
"value": "Justin Hocquel at NCIA/NCSC"
}
],
"dateAssigned": "2025-12-29T23:13:47.658Z",
"datePublic": "2025-09-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an information disclosure vulnerability in Threat Response."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:17:28.244Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-027",
"url": "https://security.tanium.com/TAN-2025-027"
}
],
"title": "Tanium addressed an information disclosure vulnerability in Threat Response."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15335",
"datePublished": "2026-02-05T18:17:28.244Z",
"dateReserved": "2025-12-29T23:13:47.826Z",
"dateUpdated": "2026-02-06T18:15:40.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}