CVE-2025-15324
Unknown Unknown - Not Provided
Documentation Disclosure Issue in Tanium Engage Component

Publication date: 2026-02-05

Last updated on: 2026-02-10

Assigner: Tanium

Description
Tanium addressed a documentation issue in Engage.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-05
Last Modified
2026-02-10
Generated
2026-06-16
AI Q&A
2026-02-05
EPSS Evaluated
2026-06-15
NVD
CVE-2025-15324
EUVD
EUVD-2025-206831
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
tanium engage From 1.3.0 (inc) to 1.3.37 (exc)
tanium engage From 1.6.0 (inc) to 1.6.193 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-59 The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-15324 is a local privilege escalation vulnerability in Tanium Engage affecting versions prior to 1.3.37 and 1.6.193.

The issue occurs when a file is deleted from or written to a user-controlled location on a system running the Tanium Client, which may allow an attacker with local access to escalate their privileges.

This vulnerability requires local access and user interaction, has low attack complexity, and low privileges required to exploit.

Impact Analysis

This vulnerability can allow an attacker with local access to escalate their privileges on the affected system.

The CVSS score indicates high impact on integrity and availability, meaning the attacker could potentially alter or disrupt system operations.

There is no impact on confidentiality according to the CVSS vector.

No workarounds or mitigations are available, so updating to fixed versions is necessary to address the issue.

Compliance Impact

I don't know

Detection Guidance

CVE-2025-15324 is a local privilege escalation vulnerability in Tanium Engage affecting versions prior to 1.3.37 and 1.6.193. Detection involves identifying if vulnerable versions of Tanium Engage are installed on the system.

Since the vulnerability arises from file deletion or writing in user-controlled locations on a system running the Tanium Client, monitoring for unusual file operations or privilege escalations locally may help detect exploitation attempts.

However, no specific detection commands or network-based detection methods are provided in the available information.

Mitigation Strategies

There are no workarounds or mitigations available for this vulnerability.

The immediate step to mitigate this vulnerability is to upgrade Tanium Engage to version 1.3.37 or later, or 1.6.193 or later, where the issue has been addressed.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15324. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart