CVE-2025-15320
Denial of Service Vulnerability in Tanium Client
Publication date: 2026-02-06
Last updated on: 2026-03-09
Assigner: Tanium
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tanium | tanium | From 7.4.10.0 (inc) to 7.4.10.1118 (exc) |
| tanium | tanium | From 7.6.2.0 (inc) to 7.6.2.1327 (exc) |
| tanium | tanium | From 7.6.4.0 (inc) to 7.6.4.2160 (exc) |
| tanium | tanium | From 7.7.3.0 (inc) to 7.7.3.8231 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-605 | When multiple sockets are allowed to bind to the same port, other services on that port may be stolen or spoofed. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-15320 is a low-severity denial of service (DoS) vulnerability in the Tanium Client API.
It allows an attacker with local access to a system running the Tanium Client to disrupt its operation.
The vulnerability has a CVSS 3.1 base score of 3.3, indicating it requires local access, low complexity, and low privileges, with no user interaction needed.
How can this vulnerability impact me? :
This vulnerability can impact you by causing a denial of service on the Tanium Client running on your system.
An attacker with local access could disrupt the operation of the Tanium Client, potentially affecting availability.
However, it does not impact confidentiality or integrity of data.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability affects specific versions of the Tanium Client. Detection involves identifying if any affected versions are installed on your systems.'}, {'type': 'list_item', 'content': 'Check the installed Tanium Client version on your systems to see if it is one of the affected versions: 7.4 prior to 7.4.10.1117, 2024H1 Release versions prior to Update 22 (v7.6.2.1327), 2024H2 Release versions prior to Update 11 (v7.6.4.2160), or 2025H1 Release versions prior to Update 5 (v7.7.3.8231).'}, {'type': 'list_item', 'content': 'Use system commands to query the installed Tanium Client version, for example on Windows: `wmic product where "name like \'%Tanium Client%\'" get version` or on Linux: `rpm -qa | grep tanium` or `dpkg -l | grep tanium`.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
There are no workarounds or mitigations available for this vulnerability.
The immediate step to mitigate this vulnerability is to upgrade the Tanium Client to a fixed version.
- Upgrade to Tanium Client version 7.4.10.1117 or later.
- Alternatively, upgrade to 2024H1 Update 22 (v7.6.2.1327) or later, 2024H2 Update 11 (v7.6.4.2160) or later, or 2025H1 Update 5 (v7.7.3.8231) or later.