Skip to content

TAN-2025-007

Tanium addressed an improper link resolution before file access vulnerability in Enforce.

Severity: Medium

Base Score: 5.0

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Impact

This vulnerability could allow an attacker with access to a system running the Tanium Client to gain read-only access to data they should not have access to.

Products Affected

7.4 and 7.5 Release:

  • Enforce prior to version 2.7.314.

2024H1 Release:

  • Enforce prior to Update 12 (v2.7.314).

2024H2 Release:

  • Enforce prior to Update 2 (v2.8.544).

Available Updates

7.4 and 7.5 Release:

  • Enforce version 2.7.314 and later.

2024H1 Release:

  • Update 12 (Enforce v2.7.314) and later.

2024H2 Release:

  • Update 2 (Enforce v2.8.544) and later.

Workaround and Mitigations

None.

Acknowledgements

None.