CVE-2025-15311
Unknown Unknown - Not Provided
Unauthorized Code Execution Vulnerability in Tanium Appliance

Publication date: 2026-02-05

Last updated on: 2026-02-10

Assigner: Tanium

Description
Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-05
Last Modified
2026-02-10
Generated
2026-06-16
AI Q&A
2026-02-05
EPSS Evaluated
2026-06-15
NVD
CVE-2025-15311
EUVD
EUVD-2025-206829
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tanium tanos to 1.8.3.0146 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-150 The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as escape, meta, or control character sequences when they are sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-15311 is a high-severity vulnerability affecting Tanium Appliance versions prior to 1.8.4. It allows an authenticated TanOS user with the tanuser role to execute unauthorized code within the context of the Tanium Appliance.

The attack requires local access, low privileges, and no user interaction, making it relatively easy to exploit once access is obtained.

Impact Analysis

This vulnerability can impact confidentiality, integrity, and availability of the Tanium Appliance.

  • Confidentiality: Unauthorized code execution could lead to exposure of sensitive information.
  • Integrity: Attackers could modify or corrupt data or system components.
  • Availability: The system could be disrupted or made unavailable due to malicious code execution.
Compliance Impact

I don't know

Detection Guidance

There is no specific information available about detection methods or commands to identify this vulnerability on your network or system.

Mitigation Strategies

The vulnerability is addressed in Tanium Appliance version 1.8.4. Immediate mitigation requires upgrading to version 1.8.4 or later.

There are no available workarounds or other mitigations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15311. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart