Skip to content

TAN-2026-009

Tanium addressed a local privilege escalation vulnerability (CVE-2025-15467).

Severity: High

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact

This vulnerability could allow an attacker with access to a system running the Tanium Client to achieve local privilege escalation when maliciously crafted cryptographic content is parsed.

Products Affected

2024H2 Release:

  • Endpoint Configuration Toolset Solution prior to Update 21 (v1.47.47)

2025H1 Release:

  • Endpoint Configuration Toolset Solution prior to Update 14 (v1.51.37)

2025H2 Release:

  • Endpoint Configuration Toolset Solution prior to Update 5 (v1.59.26)

Available Updates

2024H2 Release:

  • Update 21 (Endpoint Configuration Toolset Solution v1.47.47) and later

2025H1 Release:

  • Update 14 (Endpoint Configuration Toolset Solution v1.51.37) and later

2025H2 Release:

  • Update 5 (Endpoint Configuration Toolset Solution v1.59.26) and later

Workaround and Mitigations

None.

Acknowledgements

None.