Skip to content

TAN-2025-021

Tanium addressed a local privilege escalation vulnerability in Endpoint Configuration Toolset Solution.

Severity: High

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact

This vulnerability could allow an attacker with access to a Windows system running the Tanium Client to achieve local privilege escalation writing to a file in a user-controlled location.

Products Affected

2024H1 Release:

  • Endpoint Configuration Toolset Solution prior to Update 21 (v1.40.54).

2024H2 Release:

  • Endpoint Configuration Toolset Solution prior to Update 10 (v1.47.22).

2025H1 Release:

  • Endpoint Configuration Toolset Solution prior to Update 4 (v1.51.11).

Vulnerable tool versions:

  • Patch 3.17 prior to version 3.17.10207

  • Patch 10.1 prior to version 10.1.50

  • Patch 10.7 prior to version 10.7.25

  • Patch 10.9 prior to version 10.9.31

  • Patch 10.11 prior to version 10.11.27

Available Updates

2024H1 Release:

  • Update 21 (Endpoint Configuration Toolset Solution v1.40.54) and later

2024H2 Release:

  • Update 10 (Endpoint Configuration Toolset Solution v1.47.22) and later

2025H1 Release:

  • Update 4 (Endpoint Configuration Toolset Solution v1.51.11) and later

In addition to upgrading all impacted software, Tanium on-prem customers should use Change Management in Endpoint Configuration to deploy one of the following Manifests to all endpoints:

  • 2.2.153 or later

  • 2.9.53 or later

  • 2.13.24 or later

Tanium Cloud customers should use Change Management in Endpoint Configuration to deploy one of the following Manifests to all endpoints:

  • 2.14.28 or later

  • 2.16.41 or later

  • 2.18.25 or later

Workaround and Mitigations

None.

Acknowledgements

Tanium would like to thank Owen Jeanes for responsibly reporting this issue.