Skip to content

TAN-2026-009

Tanium addressed a local privilege escalation vulnerability (CVE-2025-11187).

Severity: High

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact

This vulnerability could allow an attacker with access to a system running the Tanium Client to achieve local privilege escalation when maliciously crafted cryptographic content is parsed.

Products Affected

2024H2 Release:

  • Endpoint Configuration Toolset Solution prior to Update 21 (v1.47.47)

2025H1 Release:

  • Endpoint Configuration Toolset Solution prior to Update 14 (v1.51.37)

2025H2 Release:

  • Endpoint Configuration Toolset Solution prior to Update 5 (v1.59.26)

Vulnerable tool versions:

  • core-cx 2.13 prior to 2.13.186

  • core-cx 2.15 prior to 2.15.1330

  • core-cx 2.18 prior to 2.18.460

Available Updates

2024H2 Release:

  • Update 21 (Endpoint Configuration Toolset Solution v1.47.47) and later

2025H1 Release:

  • Update 14 (Endpoint Configuration Toolset Solution v1.51.37) and later

2025H2 Release:

  • Update 5 (Endpoint Configuration Toolset Solution v1.59.26) and later

In addition to upgrading all impacted software, Tanium on-prem customers who use ECM should use Change Management in Endpoint Configuration to deploy one of the following Manifests to all endpoints:

  • 2.9.140 or later

  • 2.13.113 or later

  • 2.21.102 or later

Tanium Cloud customers who use ECM should use Change Management in Endpoint Configuration to deploy one of the following Manifests to all endpoints:

  • 2.26.113 or later

Workaround and Mitigations

None.

Acknowledgements

None.