Skip to content

TAN-2025-004

Tanium addressed a local privilege escalation vulnerability in Engage.

Severity: Medium

Base Score: 6.6

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H

Impact

This vulnerability could allow an attacker with access to a system running the Tanium Client to achieve local privilege escalation when a file is deleted from or written to a user-controlled location.

Products Affected

Engage 1.3 prior to version 1.3.37.

Engage 1.6 prior to version 1.6.193.

Available Updates

Engage version 1.3.37 and later.

Engage version 1.6.193 and later.

Workaround and Mitigations

None.

Acknowledgements

None.