Skip to content

TAN-2025-035

Tanium addressed a SQL injection vulnerability in Asset.

Severity: Medium

Base Score: 6.3

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Impact

This vulnerability could allow an authenticated Tanium user with the "Asset API - Write" permission to tamper with the SQL query executed by the Asset service.

Products Affected

2024H1 Release:

  • Asset prior to Update 27 (v1.28.254).

2024H2 Release:

  • Asset prior to Update 16 (v1.32.161).

2025H1 Release:

  • Asset prior to Update 10 (v1.33.250).

Available Updates

2024H1 Release:

  • Update 27 (Asset v1.28.254) and later.

2024H2 Release:

  • Update 16 (Asset v1.32.161) and later.

2025H1 Release:

  • Update 10 (Asset v1.33.250) and later.

Workaround and Mitigations

None.

Acknowledgements

None.