Skip to content

TAN-2025-024

Tanium addressed an improper input validation vulnerability in Tanium Appliance.

Severity: Low

Base Score: 2.7

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Impact

This vulnerability could allow an authenticated TanOS user with the tanadmin role to gain read-only access to data they should not have access to.

Products Affected

2024H1 Release:

  • Tanium Appliance prior to Update 22 (v1.8.3.0196).

2024H2 Release:

  • Tanium Appliance prior to Update 11 (v1.8.4.0199).

2025H1 Release:

  • Tanium Appliance prior to Update 5 (v1.8.5.0227).

Available Updates

2024H1 Release:

  • Update 22 (Tanium Appliance v1.8.3.0196) and later.

2024H2 Release:

  • Update 11 (Tanium Appliance v1.8.4.0199) and later.

2025H1 Release:

  • Update 5 (Tanium Appliance v1.8.5.0227) and later.

Workaround and Mitigations

None.

Acknowledgements

Tanium would like to thank Filip Waeytens, Frank Lycops, Jean-Michel Huguet, Jorge Escabias and Justin Hocquel from the NCIA/NCSC for responsibly reporting this issue.