Skip to content

TAN-2025-001

Tanium addressed a local privilege escalation vulnerability in Patch.

Severity: High

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact

This vulnerability could allow an attacker with access to a system running the Tanium Client to achieve local privilege escalation when a file is deleted from or written to a user-controlled location.

Products Affected

Patch prior to version 3.17.2261.

Endpoint Configuration Toolset Solution prior to version 1.40.37.

Endpoint tools affected:

Patch endpoint tools 3.17 prior to version 3.17.10195

Patch endpoint tools 10.1 prior to version 10.1.33

Patch endpoint tools 10.2 prior to version 10.2.22

Available Updates

Patch version 3.17.2261 and later.

Endpoint Configuration Toolset Solution version 1.40.37 and later.

In addition to upgrading all impacted software, Tanium on-prem customers who are on SARH1 should take the following action:

  • Use Change Management in Endpoint Configuration to deploy Manifest version 2.2.112 and later to all endpoints

In addition to upgrading all impacted software, Tanium on-prem customers who are on SARH2 should take the following action:

  • Use Change Management in Endpoint Configuration to deploy Manifest version 2.9.16 and later to all endpoints

Tanium Cloud customers who use ECM should take one of the following actions:

  • Use Change Management in Endpoint Configuration to deploy Manifest 2.10 version 2.10.19 and later to all endpoints

  • Use Change Management in Endpoint Configuration to deploy Manifest 2.7 version 2.7.56 and later to all endpoints

Workaround and Mitigations

None.

Acknowledgements

Tanium would like to thank Filip Magic for responsibly reporting this issue.