CVE-2025-15328
Unknown Unknown - Not Provided
Improper Link Resolution Vulnerability in Tanium Enforce

Publication date: 2026-02-05

Last updated on: 2026-02-10

Assigner: Tanium

Description
Tanium addressed an improper link resolution before file access vulnerability in Enforce.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-05
Last Modified
2026-02-10
Generated
2026-06-16
AI Q&A
2026-02-05
EPSS Evaluated
2026-06-14
NVD
CVE-2025-15328
EUVD
EUVD-2025-206835
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
enforce enforce From 2.7.0 (inc) to 2.7.314 (exc)
enforce enforce From 2.8.0 (inc) to 2.8.544 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-59 The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-15328 is a medium-severity vulnerability in Tanium Enforce that involves improper link resolution before file access.

This flaw allows an attacker with local access to a system running the Tanium Client to gain unauthorized read-only access to sensitive data.

The vulnerability requires low attack complexity, low privileges, and user interaction, and the attack vector is local.

Impact Analysis

This vulnerability can impact you by allowing an attacker with local access and low privileges to read sensitive data without authorization.

Since the attacker gains read-only access, confidential information could be exposed, potentially leading to data breaches or information leakage.

There are no known workarounds or mitigations, so affected systems should be updated to fixed versions to prevent exploitation.

Compliance Impact

I don't know

Detection Guidance

There is no specific information provided about detection methods or commands to identify this vulnerability on your network or system.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade Tanium Enforce to a fixed version. The fixed versions include Enforce 2.7.314 and later for 7.4 and 7.5 releases, Update 12 (v2.7.314) for the 2024H1 release, and Update 2 (v2.8.544) for the 2024H2 release.

There are no known workarounds or mitigations other than upgrading to a fixed version.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15328. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart