CVE-2025-15311
Unknown Unknown - Not Provided
Unauthorized Code Execution Vulnerability in Tanium Appliance

Publication date: 2026-02-05

Last updated on: 2026-02-10

Assigner: Tanium

Description
Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-05
Last Modified
2026-02-10
Generated
2026-05-07
AI Q&A
2026-02-05
EPSS Evaluated
2026-05-05
NVD
CVE-2025-15311
EUVD
EUVD-2025-206829
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tanium tanos to 1.8.3.0146 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-150 The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as escape, meta, or control character sequences when they are sent to a downstream component.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-15311 is a high-severity vulnerability affecting Tanium Appliance versions prior to 1.8.4. It allows an authenticated TanOS user with the tanuser role to execute unauthorized code within the context of the Tanium Appliance.

The attack requires local access, low privileges, and no user interaction, making it relatively easy to exploit once access is obtained.


How can this vulnerability impact me? :

This vulnerability can impact confidentiality, integrity, and availability of the Tanium Appliance.

  • Confidentiality: Unauthorized code execution could lead to exposure of sensitive information.
  • Integrity: Attackers could modify or corrupt data or system components.
  • Availability: The system could be disrupted or made unavailable due to malicious code execution.

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

There is no specific information available about detection methods or commands to identify this vulnerability on your network or system.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability is addressed in Tanium Appliance version 1.8.4. Immediate mitigation requires upgrading to version 1.8.4 or later.

There are no available workarounds or other mitigations.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart