Skip to content

TAN-2025-012

Tanium addressed an improper input validation vulnerability in Deploy.

Severity: High

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact

This vulnerability could allow an authenticated Tanium user with the "Deploy Deployment - Write" and "Deploy Software Package - Write" permissions to execute unauthorized code on all endpoints in the context of the Deploy.

Products Affected

7.4 and 7.5 Release:

  • Deploy prior to version v2.26.1279.

2024H1 Release:

  • Deploy prior to Update 14 (v2.26.1279).

2024H2 Release:

  • Deploy prior to Update 3 (v2.30.175).

Available Updates

7.4 and 7.5 Release:

  • Deploy version v2.26.1279 and later.

2024H1 Release:

  • Update 14 (Deploy v2.26.1279) and later.

2024H2 Release:

  • Update 3 (Deploy v2.30.175) and later.

Workaround and Mitigations

None.

Acknowledgements

None.