Skip to content

TAN-2025-031

Tanium addressed an improper certificate validation vulnerability in Tanium Appliance.

Severity: Low

Base Score: 3.7

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Impact

This vulnerability could allow an unauthenticated, network-based attacker to view or tamper with log data when a remote syslog destination is configured to use TLS.

Products Affected

2024H1 Release:

  • Tanium Appliance prior to Update 24 (v1.8.3.0199).

2024H2 Release:

  • Tanium Appliance prior to Update 12 (v1.8.4.0205).

2025H1 Release:

  • Tanium Appliance prior to Update 6 (v1.8.5.0236).

Available Updates

2024H1 Release:

  • Update 24 (Tanium Appliance v1.8.3.0199) and later.

2024H2 Release:

  • Update 12 (Tanium Appliance v1.8.4.0205) and later.

2025H1 Release:

  • Update 6 (Tanium Appliance v1.8.5.0236) and later.

Workaround and Mitigations

None.

Acknowledgements

None.