Skip to content

TAN-2025-028

Tanium addressed an improper access controls vulnerability in Tanium Server.

Severity: Medium

Base Score: 4.3

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Impact

This vulnerability could allow authenticated Tanium user with the 'Ask Dynamic Questions' permission to gain read-only access to data they should not have access to.

Products Affected

2024H1 Release:

  • Tanium Server prior to Update 22 (v7.6.2.1327).

2024H2 Release:

  • Tanium Server prior to Update 11 (v7.6.4.2160).

2025H1 Release:

  • Tanium Server prior to Update 5 (v7.7.3.8231).

Available Updates

2024H1 Release:

  • Update 22 (Tanium Server v7.6.2.1327) and later.

2024H2 Release:

  • Update 11 (Tanium Server v7.6.4.2160) and later.

2025H1 Release:

  • Update 5 (Tanium Server v7.7.3.8231) and later.

Workaround and Mitigations

None.

Acknowledgements

None.