CVE-2025-15323
Improper Certificate Validation in Tanium Appliance Risks Security Breach
Publication date: 2026-02-05
Last updated on: 2026-02-10
Assigner: Tanium
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tanium | tanos | From 1.8.3 (inc) to 1.8.3.0199 (exc) |
| tanium | tanos | From 1.8.4 (inc) to 1.8.4.0205 (exc) |
| tanium | tanos | From 1.8.5 (inc) to 1.8.5.0236 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-295 | The product does not validate, or incorrectly validates, a certificate. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
No workarounds or mitigations are available for this vulnerability.
The vulnerability is resolved by updating the Tanium Appliance to Update 24 (v1.8.3.0199) or later for 2024H1, Update 12 (v1.8.4.0205) or later for 2024H2, or Update 6 (v1.8.5.0236) or later for 2025H1.
Therefore, the immediate step is to apply the appropriate update to your Tanium Appliance to remediate this issue.
Can you explain this vulnerability to me?
CVE-2025-15323 is an improper certificate validation vulnerability in Tanium Appliance. It allows an unauthenticated attacker over the network to view or tamper with log data when a remote syslog destination is configured to use TLS.
How can this vulnerability impact me? :
This vulnerability can allow an attacker to access or modify log data transmitted to a remote syslog server using TLS, potentially exposing sensitive information or corrupting log integrity.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There are no specific detection commands or methods provided to identify this vulnerability on your network or system.