CVE-2025-15321
Improper Input Validation in Tanium Appliance Risks Data Integrity
Publication date: 2026-02-05
Last updated on: 2026-02-10
Assigner: Tanium
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tanium | tanos | From 1.8.3 (inc) to 1.8.3.0196 (exc) |
| tanium | tanos | From 1.8.4 (inc) to 1.8.4.0199 (exc) |
| tanium | tanos | From 1.8.5 (inc) to 1.8.5.0227 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-426 | The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control. |
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-15321 is an improper input validation vulnerability found in the Tanium Appliance. It allows an authenticated user with the tanadmin role to gain unauthorized read-only access to data beyond their permitted scope.
This vulnerability affects Tanium Appliance versions prior to certain updates in the 2024H1, 2024H2, and 2025H1 releases.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized read-only access to data beyond what an authenticated tanadmin user is normally allowed to see. This could expose sensitive information to users who should not have access to it.
However, the severity is considered low with a CVSS base score of 2.7, and it requires the attacker to already have authenticated access with a high privilege role.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There are no specific detection commands or methods provided to identify this vulnerability on your network or system.
The vulnerability requires an authenticated TanOS user with the tanadmin role to exploit improper input validation, so monitoring for unauthorized access attempts by such users might help, but no explicit detection commands are given.
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to apply the available updates or later versions of the Tanium Appliance.
- Update to at least Update 22 (v1.8.3.0196) in the 2024H1 release.
- Or update to at least Update 11 (v1.8.4.0199) in the 2024H2 release.
- Or update to at least Update 5 (v1.8.5.0227) in the 2025H1 release.
No workarounds or other mitigations are provided.