Skip to content

Tanium Security Advisories

TAN-2025-036

Metadata
- November 18, 2025

TAN-2025-036

Summary

Tanium addressed an arbitrary file deletion vulnerability in TanOS.

Severity: Medium

CVSSv3 Score: 5.6
CVSSv3 Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L

Impact

This vulnerability could allow a TanOS user authenticated as "tanadmin" to delete arbitrary files on the Tanium Server.

Products Affected

2024H2 Release:

TanOS prior to Update 16 (v1.8.4.0229)

2025H1 Release:

TanOS prior to Update 10 (v1.8.5.0262)

Available Updates

2024H2 Release:

Update 16 (TanOS v1.8.4.0229) and later

2025H1 Release:

Update 10 (TanOS v1.8.5.0262) and later

2025H2 Release:

Update 0 (TanOS v1.8.6.0124) and later

Workaround and Mitigations

None.

Acknowledgements

None