Skip to content

TAN-2025-011

Tanium addressed a local privilege escalation vulnerability in Tanium Server and Tanium Module Server.

Severity: Medium

Base Score: 6.7

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Impact

This vulnerability could allow an attacker with low privileged access to an Appliance to achieve local privilege escalation when invoking specific plugins.

Products Affected

7.4 and 7.5 Release:

  • Tanium Module Server 7.4.6 prior to version 7.4.6.1151.

  • Tanium Server 7.4.6 prior to version 7.4.6.1151.

  • Tanium Module Server 7.5.6 prior to version 7.5.6.1161.

  • Tanium Server 7.5.6 prior to version 7.5.6.1161.

2024H1 Release:

  • Tanium Module Server prior to Update 12 (v7.6.2.1293).

  • Tanium Server prior to Update 12 (v7.6.2.1293).

2024H2 Release:

  • Tanium Module Server prior to Update 2 (v7.6.4.2114).

  • Tanium Server prior to Update 2 (v7.6.4.2114).

Available Updates

7.4 and 7.5 Release:

  • Tanium Module Server version 7.4.6.1151 and later.

  • Tanium Server version 7.4.6.1151 and later.

  • Tanium Module Server version 7.5.6.1161 and later.

  • Tanium Server version 7.5.6.1161 and later.

2024H1 Release:

  • Update 12 (Tanium Module Server v7.6.2.1293, Tanium Server v7.6.2.1293) and later.

2024H2 Release:

  • Update 2 (Tanium Module Server v7.6.4.2114, Tanium Server v7.6.4.2114) and later.

Workaround and Mitigations

None.

Acknowledgements

None.