Search criteria
17 vulnerabilities found for TanOS by Tanium
CVE-2026-2605 (GCVE-0-2026-2605)
Vulnerability from nvd – Published: 2026-02-19 23:10 – Updated: 2026-03-02 15:51
VLAI
Title
Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS.
Summary
Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
1 reference
Impacted products
1 product
Date Public
2026-02-19 23:09
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2605",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-02T15:51:21.997907Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T15:51:41.710Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:tanos:1.8.4.0249:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.5.0282:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.6.0150:*:*:*:*:*:*:*"
],
"product": "TanOS",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.8.4.0249",
"status": "affected",
"version": "1.8.4",
"versionType": "custom"
},
{
"lessThan": "1.8.5.0282",
"status": "affected",
"version": "1.8.5",
"versionType": "custom"
},
{
"lessThan": "1.8.6.0150",
"status": "affected",
"version": "1.8.6",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2026-02-16T21:37:14.785Z",
"datePublic": "2026-02-19T23:09:49.159Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T23:13:38.465Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2026-006",
"url": "https://security.tanium.com/TAN-2026-006"
}
],
"title": "Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2026-2605",
"datePublished": "2026-02-19T23:10:02.867Z",
"dateReserved": "2026-02-16T21:37:15.555Z",
"dateUpdated": "2026-03-02T15:51:41.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15311 (GCVE-0-2025-15311)
Vulnerability from nvd – Published: 2026-02-05 18:26 – Updated: 2026-02-06 19:01
VLAI
Title
Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance.
Summary
Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Tanium | Tanium Appliance |
Affected:
1.8.3.0 , < 1.8.3.0146
(custom)
Affected: 1.8.4.0 , < 1.8.4.0149 (custom) Affected: 1.8.5.0 , < 1.8.5.0212 (custom) cpe:2.3:a:tanium:tanos:1.8.3.0145:*:*:*:*:*:*:* cpe:2.3:a:tanium:tanos:1.8.4.0148:*:*:*:*:*:*:* cpe:2.3:a:tanium:tanos:1.8.5.0211:*:*:*:*:*:*:* |
Date Public
2025-01-22 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15311",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:01:19.848854Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:01:30.739Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:tanos:1.8.3.0145:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.4.0148:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.5.0211:*:*:*:*:*:*:*"
],
"product": "Tanium Appliance",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.8.3.0146",
"status": "affected",
"version": "1.8.3.0",
"versionType": "custom"
},
{
"lessThan": "1.8.4.0149",
"status": "affected",
"version": "1.8.4.0",
"versionType": "custom"
},
{
"lessThan": "1.8.5.0212",
"status": "affected",
"version": "1.8.5.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:12:52.865Z",
"datePublic": "2025-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-150",
"description": "Improper Neutralization of Escape, Meta, or Control Sequences",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:26:23.251Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-002",
"url": "https://security.tanium.com/TAN-2025-002"
}
],
"title": "Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15311",
"datePublished": "2026-02-05T18:26:23.251Z",
"dateReserved": "2025-12-29T23:12:53.054Z",
"dateUpdated": "2026-02-06T19:01:30.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15312 (GCVE-0-2025-15312)
Vulnerability from nvd – Published: 2026-02-05 18:26 – Updated: 2026-02-06 19:02
VLAI
Title
Tanium addressed an improper output sanitization vulnerability in TanOS.
Summary
Tanium addressed an improper output sanitization vulnerability in Tanium Appliance.
Severity
6.6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-116 - Improper Encoding or Escaping of Output
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Tanium | Tanium Appliance |
Affected:
1.8.3.0 , < 1.8.3.0146
(custom)
Affected: 1.8.4.0 , < 1.8.4.0157 (custom) cpe:2.3:a:tanium:tanos:1.8.3.0145:*:*:*:*:*:*:* cpe:2.3:a:tanium:tanos:1.8.4.0156:*:*:*:*:*:*:* |
Date Public
2025-01-22 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15312",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:02:02.740803Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:02:11.979Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:tanos:1.8.3.0145:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.4.0156:*:*:*:*:*:*:*"
],
"product": "Tanium Appliance",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.8.3.0146",
"status": "affected",
"version": "1.8.3.0",
"versionType": "custom"
},
{
"lessThan": "1.8.4.0157",
"status": "affected",
"version": "1.8.4.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:12:53.375Z",
"datePublic": "2025-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an improper output sanitization vulnerability in Tanium Appliance."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:26:06.378Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-003",
"url": "https://security.tanium.com/TAN-2025-003"
}
],
"title": "Tanium addressed an improper output sanitization vulnerability in TanOS."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15312",
"datePublished": "2026-02-05T18:26:06.378Z",
"dateReserved": "2025-12-29T23:12:53.559Z",
"dateUpdated": "2026-02-06T19:02:11.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15321 (GCVE-0-2025-15321)
Vulnerability from nvd – Published: 2026-02-05 18:20 – Updated: 2026-02-06 17:37
VLAI
Title
Tanium addressed an improper input validation vulnerability in Tanium Appliance.
Summary
Tanium addressed an improper input validation vulnerability in Tanium Appliance.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-426 - Untrusted Search Path
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Tanium | Tanium Appliance |
Affected:
1.8.3.0 , < 1.8.3.0196
(custom)
Affected: 1.8.5.0 , < 1.8.5.0199 (custom) Affected: 1.8.5.0 , < 1.8.5.0227 (custom) cpe:2.3:a:tanium:tanos:1.8.3.0195:*:*:*:*:*:*:* cpe:2.3:a:tanium:tanos:1.8.5.0198:*:*:*:*:*:*:* cpe:2.3:a:tanium:tanos:1.8.5.0226:*:*:*:*:*:*:* |
Date Public
2025-08-19 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15321",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T17:37:17.139008Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T17:37:27.718Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:tanos:1.8.3.0195:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.5.0198:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.5.0226:*:*:*:*:*:*:*"
],
"product": "Tanium Appliance",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.8.3.0196",
"status": "affected",
"version": "1.8.3.0",
"versionType": "custom"
},
{
"lessThan": "1.8.5.0199",
"status": "affected",
"version": "1.8.5.0",
"versionType": "custom"
},
{
"lessThan": "1.8.5.0227",
"status": "affected",
"version": "1.8.5.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Filip Waeytens"
},
{
"lang": "en",
"type": "reporter",
"value": "Frank Lycops"
},
{
"lang": "en",
"type": "reporter",
"value": "Jean-Michel Huguet"
},
{
"lang": "en",
"type": "reporter",
"value": "Jorge Escabias"
},
{
"lang": "en",
"type": "reporter",
"value": "Justin Hocquel from NCIA/NCSC"
}
],
"dateAssigned": "2025-12-29T23:13:00.595Z",
"datePublic": "2025-08-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an improper input validation vulnerability in Tanium Appliance."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:20:39.404Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-024",
"url": "https://security.tanium.com/TAN-2025-024"
}
],
"title": "Tanium addressed an improper input validation vulnerability in Tanium Appliance."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15321",
"datePublished": "2026-02-05T18:20:39.404Z",
"dateReserved": "2025-12-29T23:13:00.749Z",
"dateUpdated": "2026-02-06T17:37:27.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15323 (GCVE-0-2025-15323)
Vulnerability from nvd – Published: 2026-02-05 18:12 – Updated: 2026-02-06 19:20
VLAI
Title
Tanium addressed an improper certificate validation vulnerability in Tanium Appliance.
Summary
Tanium addressed an improper certificate validation vulnerability in Tanium Appliance.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Tanium | Tanium Appliance |
Affected:
1.8.3.0 , < 1.8.3.0199
(custom)
Affected: 1.8.4.0 , < 1.8.4.0205 (custom) Affected: 1.8.5.0 , < 1.8.5.0236 (custom) cpe:2.3:a:tanium:tanos:1.8.3.0198:*:*:*:*:*:*:* cpe:2.3:a:tanium:tanos:1.8.4.0204:*:*:*:*:*:*:* cpe:2.3:a:tanium:tanos:1.8.5.0235:*:*:*:*:*:*:* |
Date Public
2025-10-02 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15323",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:20:26.658499Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:20:34.565Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:tanos:1.8.3.0198:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.4.0204:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.5.0235:*:*:*:*:*:*:*"
],
"product": "Tanium Appliance",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.8.3.0199",
"status": "affected",
"version": "1.8.3.0",
"versionType": "custom"
},
{
"lessThan": "1.8.4.0205",
"status": "affected",
"version": "1.8.4.0",
"versionType": "custom"
},
{
"lessThan": "1.8.5.0236",
"status": "affected",
"version": "1.8.5.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:13:02.561Z",
"datePublic": "2025-10-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an improper certificate validation vulnerability in Tanium Appliance."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:12:21.517Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-031",
"url": "https://security.tanium.com/TAN-2025-031"
}
],
"title": "Tanium addressed an improper certificate validation vulnerability in Tanium Appliance."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15323",
"datePublished": "2026-02-05T18:12:21.517Z",
"dateReserved": "2025-12-29T23:13:02.858Z",
"dateUpdated": "2026-02-06T19:20:34.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13225 (GCVE-0-2025-13225)
Vulnerability from nvd – Published: 2025-11-19 02:44 – Updated: 2026-02-05 18:08
VLAI
Title
Tanium addressed an arbitrary file deletion vulnerability in TanOS.
Summary
Tanium addressed an arbitrary file deletion vulnerability in TanOS.
Severity
5.6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
1 reference
Impacted products
Date Public
2025-11-18 23:53
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13225",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T18:48:19.485366Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T18:48:30.818Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:tanos:1.8.4.0228:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.5.0261:*:*:*:*:*:*:*"
],
"product": "TanOS",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.8.4.0229",
"status": "affected",
"version": "1.8.4",
"versionType": "custom"
},
{
"lessThan": "1.8.5.0262",
"status": "affected",
"version": "1.8.5",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-11-14T18:09:22.035Z",
"datePublic": "2025-11-18T23:53:45.523Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an arbitrary file deletion vulnerability in TanOS."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:08:22.929Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-036",
"url": "https://security.tanium.com/TAN-2025-036"
}
],
"title": "Tanium addressed an arbitrary file deletion vulnerability in TanOS."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-13225",
"datePublished": "2025-11-19T02:44:55.622Z",
"dateReserved": "2025-11-15T00:07:09.359Z",
"dateUpdated": "2026-02-05T18:08:22.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2605 (GCVE-0-2026-2605)
Vulnerability from cvelistv5 – Published: 2026-02-19 23:10 – Updated: 2026-03-02 15:51
VLAI
Title
Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS.
Summary
Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
1 reference
Impacted products
1 product
Date Public
2026-02-19 23:09
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2605",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-02T15:51:21.997907Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-02T15:51:41.710Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:tanos:1.8.4.0249:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.5.0282:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.6.0150:*:*:*:*:*:*:*"
],
"product": "TanOS",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.8.4.0249",
"status": "affected",
"version": "1.8.4",
"versionType": "custom"
},
{
"lessThan": "1.8.5.0282",
"status": "affected",
"version": "1.8.5",
"versionType": "custom"
},
{
"lessThan": "1.8.6.0150",
"status": "affected",
"version": "1.8.6",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2026-02-16T21:37:14.785Z",
"datePublic": "2026-02-19T23:09:49.159Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T23:13:38.465Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2026-006",
"url": "https://security.tanium.com/TAN-2026-006"
}
],
"title": "Tanium addressed an insertion of sensitive information into log file vulnerability in TanOS."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2026-2605",
"datePublished": "2026-02-19T23:10:02.867Z",
"dateReserved": "2026-02-16T21:37:15.555Z",
"dateUpdated": "2026-03-02T15:51:41.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15311 (GCVE-0-2025-15311)
Vulnerability from cvelistv5 – Published: 2026-02-05 18:26 – Updated: 2026-02-06 19:01
VLAI
Title
Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance.
Summary
Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Tanium | Tanium Appliance |
Affected:
1.8.3.0 , < 1.8.3.0146
(custom)
Affected: 1.8.4.0 , < 1.8.4.0149 (custom) Affected: 1.8.5.0 , < 1.8.5.0212 (custom) cpe:2.3:a:tanium:tanos:1.8.3.0145:*:*:*:*:*:*:* cpe:2.3:a:tanium:tanos:1.8.4.0148:*:*:*:*:*:*:* cpe:2.3:a:tanium:tanos:1.8.5.0211:*:*:*:*:*:*:* |
Date Public
2025-01-22 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15311",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:01:19.848854Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:01:30.739Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:tanos:1.8.3.0145:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.4.0148:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.5.0211:*:*:*:*:*:*:*"
],
"product": "Tanium Appliance",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.8.3.0146",
"status": "affected",
"version": "1.8.3.0",
"versionType": "custom"
},
{
"lessThan": "1.8.4.0149",
"status": "affected",
"version": "1.8.4.0",
"versionType": "custom"
},
{
"lessThan": "1.8.5.0212",
"status": "affected",
"version": "1.8.5.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:12:52.865Z",
"datePublic": "2025-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-150",
"description": "Improper Neutralization of Escape, Meta, or Control Sequences",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:26:23.251Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-002",
"url": "https://security.tanium.com/TAN-2025-002"
}
],
"title": "Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15311",
"datePublished": "2026-02-05T18:26:23.251Z",
"dateReserved": "2025-12-29T23:12:53.054Z",
"dateUpdated": "2026-02-06T19:01:30.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15312 (GCVE-0-2025-15312)
Vulnerability from cvelistv5 – Published: 2026-02-05 18:26 – Updated: 2026-02-06 19:02
VLAI
Title
Tanium addressed an improper output sanitization vulnerability in TanOS.
Summary
Tanium addressed an improper output sanitization vulnerability in Tanium Appliance.
Severity
6.6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-116 - Improper Encoding or Escaping of Output
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Tanium | Tanium Appliance |
Affected:
1.8.3.0 , < 1.8.3.0146
(custom)
Affected: 1.8.4.0 , < 1.8.4.0157 (custom) cpe:2.3:a:tanium:tanos:1.8.3.0145:*:*:*:*:*:*:* cpe:2.3:a:tanium:tanos:1.8.4.0156:*:*:*:*:*:*:* |
Date Public
2025-01-22 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15312",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:02:02.740803Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:02:11.979Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:tanos:1.8.3.0145:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.4.0156:*:*:*:*:*:*:*"
],
"product": "Tanium Appliance",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.8.3.0146",
"status": "affected",
"version": "1.8.3.0",
"versionType": "custom"
},
{
"lessThan": "1.8.4.0157",
"status": "affected",
"version": "1.8.4.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:12:53.375Z",
"datePublic": "2025-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an improper output sanitization vulnerability in Tanium Appliance."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:26:06.378Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-003",
"url": "https://security.tanium.com/TAN-2025-003"
}
],
"title": "Tanium addressed an improper output sanitization vulnerability in TanOS."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15312",
"datePublished": "2026-02-05T18:26:06.378Z",
"dateReserved": "2025-12-29T23:12:53.559Z",
"dateUpdated": "2026-02-06T19:02:11.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15321 (GCVE-0-2025-15321)
Vulnerability from cvelistv5 – Published: 2026-02-05 18:20 – Updated: 2026-02-06 17:37
VLAI
Title
Tanium addressed an improper input validation vulnerability in Tanium Appliance.
Summary
Tanium addressed an improper input validation vulnerability in Tanium Appliance.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-426 - Untrusted Search Path
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Tanium | Tanium Appliance |
Affected:
1.8.3.0 , < 1.8.3.0196
(custom)
Affected: 1.8.5.0 , < 1.8.5.0199 (custom) Affected: 1.8.5.0 , < 1.8.5.0227 (custom) cpe:2.3:a:tanium:tanos:1.8.3.0195:*:*:*:*:*:*:* cpe:2.3:a:tanium:tanos:1.8.5.0198:*:*:*:*:*:*:* cpe:2.3:a:tanium:tanos:1.8.5.0226:*:*:*:*:*:*:* |
Date Public
2025-08-19 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15321",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T17:37:17.139008Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T17:37:27.718Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:tanos:1.8.3.0195:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.5.0198:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.5.0226:*:*:*:*:*:*:*"
],
"product": "Tanium Appliance",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.8.3.0196",
"status": "affected",
"version": "1.8.3.0",
"versionType": "custom"
},
{
"lessThan": "1.8.5.0199",
"status": "affected",
"version": "1.8.5.0",
"versionType": "custom"
},
{
"lessThan": "1.8.5.0227",
"status": "affected",
"version": "1.8.5.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Filip Waeytens"
},
{
"lang": "en",
"type": "reporter",
"value": "Frank Lycops"
},
{
"lang": "en",
"type": "reporter",
"value": "Jean-Michel Huguet"
},
{
"lang": "en",
"type": "reporter",
"value": "Jorge Escabias"
},
{
"lang": "en",
"type": "reporter",
"value": "Justin Hocquel from NCIA/NCSC"
}
],
"dateAssigned": "2025-12-29T23:13:00.595Z",
"datePublic": "2025-08-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an improper input validation vulnerability in Tanium Appliance."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:20:39.404Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-024",
"url": "https://security.tanium.com/TAN-2025-024"
}
],
"title": "Tanium addressed an improper input validation vulnerability in Tanium Appliance."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15321",
"datePublished": "2026-02-05T18:20:39.404Z",
"dateReserved": "2025-12-29T23:13:00.749Z",
"dateUpdated": "2026-02-06T17:37:27.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15323 (GCVE-0-2025-15323)
Vulnerability from cvelistv5 – Published: 2026-02-05 18:12 – Updated: 2026-02-06 19:20
VLAI
Title
Tanium addressed an improper certificate validation vulnerability in Tanium Appliance.
Summary
Tanium addressed an improper certificate validation vulnerability in Tanium Appliance.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Tanium | Tanium Appliance |
Affected:
1.8.3.0 , < 1.8.3.0199
(custom)
Affected: 1.8.4.0 , < 1.8.4.0205 (custom) Affected: 1.8.5.0 , < 1.8.5.0236 (custom) cpe:2.3:a:tanium:tanos:1.8.3.0198:*:*:*:*:*:*:* cpe:2.3:a:tanium:tanos:1.8.4.0204:*:*:*:*:*:*:* cpe:2.3:a:tanium:tanos:1.8.5.0235:*:*:*:*:*:*:* |
Date Public
2025-10-02 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15323",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:20:26.658499Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:20:34.565Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:tanos:1.8.3.0198:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.4.0204:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.5.0235:*:*:*:*:*:*:*"
],
"product": "Tanium Appliance",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.8.3.0199",
"status": "affected",
"version": "1.8.3.0",
"versionType": "custom"
},
{
"lessThan": "1.8.4.0205",
"status": "affected",
"version": "1.8.4.0",
"versionType": "custom"
},
{
"lessThan": "1.8.5.0236",
"status": "affected",
"version": "1.8.5.0",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-12-29T23:13:02.561Z",
"datePublic": "2025-10-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an improper certificate validation vulnerability in Tanium Appliance."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:12:21.517Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-031",
"url": "https://security.tanium.com/TAN-2025-031"
}
],
"title": "Tanium addressed an improper certificate validation vulnerability in Tanium Appliance."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-15323",
"datePublished": "2026-02-05T18:12:21.517Z",
"dateReserved": "2025-12-29T23:13:02.858Z",
"dateUpdated": "2026-02-06T19:20:34.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13225 (GCVE-0-2025-13225)
Vulnerability from cvelistv5 – Published: 2025-11-19 02:44 – Updated: 2026-02-05 18:08
VLAI
Title
Tanium addressed an arbitrary file deletion vulnerability in TanOS.
Summary
Tanium addressed an arbitrary file deletion vulnerability in TanOS.
Severity
5.6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
1 reference
Impacted products
Date Public
2025-11-18 23:53
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13225",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T18:48:19.485366Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T18:48:30.818Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:tanium:tanos:1.8.4.0228:*:*:*:*:*:*:*",
"cpe:2.3:a:tanium:tanos:1.8.5.0261:*:*:*:*:*:*:*"
],
"product": "TanOS",
"vendor": "Tanium",
"versions": [
{
"lessThan": "1.8.4.0229",
"status": "affected",
"version": "1.8.4",
"versionType": "custom"
},
{
"lessThan": "1.8.5.0262",
"status": "affected",
"version": "1.8.5",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2025-11-14T18:09:22.035Z",
"datePublic": "2025-11-18T23:53:45.523Z",
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an arbitrary file deletion vulnerability in TanOS."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T18:08:22.929Z",
"orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"shortName": "Tanium"
},
"references": [
{
"name": "TAN-2025-036",
"url": "https://security.tanium.com/TAN-2025-036"
}
],
"title": "Tanium addressed an arbitrary file deletion vulnerability in TanOS."
}
},
"cveMetadata": {
"assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"assignerShortName": "Tanium",
"cveId": "CVE-2025-13225",
"datePublished": "2025-11-19T02:44:55.622Z",
"dateReserved": "2025-11-15T00:07:09.359Z",
"dateUpdated": "2026-02-05T18:08:22.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
FKIE_CVE-2025-15311
Vulnerability from fkie_nvd - Published: 2026-02-05 19:15 - Updated: 2026-02-10 17:16
Severity
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance.
References
| URL | Tags | ||
|---|---|---|---|
| 3938794e-25f5-4123-a1ba-5cbd7f104512 | https://security.tanium.com/TAN-2025-002 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tanium:tanos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6B0DFCF-5530-48D5-8A19-E9B8085B2762",
"versionEndExcluding": "1.8.3.0146",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance."
},
{
"lang": "es",
"value": "Tanium abord\u00f3 una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo no autorizada en Tanium Appliance."
}
],
"id": "CVE-2025-15311",
"lastModified": "2026-02-10T17:16:52.130",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2026-02-05T19:15:52.440",
"references": [
{
"source": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"tags": [
"Vendor Advisory"
],
"url": "https://security.tanium.com/TAN-2025-002"
}
],
"sourceIdentifier": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-150"
}
],
"source": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-15312
Vulnerability from fkie_nvd - Published: 2026-02-05 19:15 - Updated: 2026-02-10 17:17
Severity
6.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Tanium addressed an improper output sanitization vulnerability in Tanium Appliance.
References
| URL | Tags | ||
|---|---|---|---|
| 3938794e-25f5-4123-a1ba-5cbd7f104512 | https://security.tanium.com/TAN-2025-003 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tanium:tanos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CD57BB7-35A2-4FB6-99E1-7F8A73A777CB",
"versionEndExcluding": "1.8.3.0146",
"versionStartIncluding": "1.8.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:tanium:tanos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76B62A49-5930-4B6A-8DBF-F104FC370125",
"versionEndExcluding": "1.8.4.0157",
"versionStartIncluding": "1.8.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an improper output sanitization vulnerability in Tanium Appliance."
},
{
"lang": "es",
"value": "Tanium abord\u00f3 una vulnerabilidad de sanitizaci\u00f3n de salida inadecuada en Tanium Appliance."
}
],
"id": "CVE-2025-15312",
"lastModified": "2026-02-10T17:17:42.060",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9,
"source": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2026-02-05T19:15:52.587",
"references": [
{
"source": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"tags": [
"Vendor Advisory"
],
"url": "https://security.tanium.com/TAN-2025-003"
}
],
"sourceIdentifier": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-116"
}
],
"source": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-15321
Vulnerability from fkie_nvd - Published: 2026-02-05 19:15 - Updated: 2026-02-10 17:12
Severity
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Summary
Tanium addressed an improper input validation vulnerability in Tanium Appliance.
References
| URL | Tags | ||
|---|---|---|---|
| 3938794e-25f5-4123-a1ba-5cbd7f104512 | https://security.tanium.com/TAN-2025-024 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tanium:tanos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7E571EB-E98A-4684-9F94-96C8CF78CA41",
"versionEndExcluding": "1.8.3.0196",
"versionStartIncluding": "1.8.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:tanium:tanos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B010E929-B905-4197-9DEF-3672155A53A8",
"versionEndExcluding": "1.8.4.0199",
"versionStartIncluding": "1.8.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:tanium:tanos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD9D94FB-A60B-491B-9614-E5169512BEDB",
"versionEndExcluding": "1.8.5.0227",
"versionStartIncluding": "1.8.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an improper input validation vulnerability in Tanium Appliance."
},
{
"lang": "es",
"value": "Tanium abord\u00f3 una vulnerabilidad de validaci\u00f3n de entrada incorrecta en Tanium Appliance."
}
],
"id": "CVE-2025-15321",
"lastModified": "2026-02-10T17:12:37.757",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"source": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2026-02-05T19:15:52.730",
"references": [
{
"source": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"tags": [
"Vendor Advisory"
],
"url": "https://security.tanium.com/TAN-2025-024"
}
],
"sourceIdentifier": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-15323
Vulnerability from fkie_nvd - Published: 2026-02-05 19:15 - Updated: 2026-02-10 17:26
Severity
Summary
Tanium addressed an improper certificate validation vulnerability in Tanium Appliance.
References
| URL | Tags | ||
|---|---|---|---|
| 3938794e-25f5-4123-a1ba-5cbd7f104512 | https://security.tanium.com/TAN-2025-031 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tanium:tanos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7DA97604-1B30-4A64-ADB5-B96739B602EA",
"versionEndExcluding": "1.8.3.0199",
"versionStartIncluding": "1.8.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:tanium:tanos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24D04267-7D2C-4A54-9431-03948E6B9D23",
"versionEndExcluding": "1.8.4.0205",
"versionStartIncluding": "1.8.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:tanium:tanos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "571B9326-2884-48DE-AD1C-720716DF4B74",
"versionEndExcluding": "1.8.5.0236",
"versionStartIncluding": "1.8.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an improper certificate validation vulnerability in Tanium Appliance."
},
{
"lang": "es",
"value": "Tanium abord\u00f3 una vulnerabilidad de validaci\u00f3n de certificado incorrecta en Tanium Appliance."
}
],
"id": "CVE-2025-15323",
"lastModified": "2026-02-10T17:26:43.557",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"type": "Secondary"
}
]
},
"published": "2026-02-05T19:15:52.870",
"references": [
{
"source": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"tags": [
"Vendor Advisory"
],
"url": "https://security.tanium.com/TAN-2025-031"
}
],
"sourceIdentifier": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-13225
Vulnerability from fkie_nvd - Published: 2025-11-19 03:16 - Updated: 2026-01-08 16:48
Severity
5.6 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Summary
Tanium addressed an arbitrary file deletion vulnerability in TanOS.
References
| URL | Tags | ||
|---|---|---|---|
| 3938794e-25f5-4123-a1ba-5cbd7f104512 | https://security.tanium.com/TAN-2025-036 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tanium:tanos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E2C2044-A3F3-44DB-9969-B7781418BFCB",
"versionEndExcluding": "1.8.4.0229",
"versionStartIncluding": "1.8.4.0000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:tanium:tanos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "558691EC-C7F1-472E-9664-C007687EEDAC",
"versionEndExcluding": "1.8.5.0262",
"versionStartIncluding": "1.8.5.0000",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tanium addressed an arbitrary file deletion vulnerability in TanOS."
}
],
"id": "CVE-2025-13225",
"lastModified": "2026-01-08T16:48:48.297",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 4.7,
"source": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-11-19T03:16:03.313",
"references": [
{
"source": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"tags": [
"Vendor Advisory"
],
"url": "https://security.tanium.com/TAN-2025-036"
}
],
"sourceIdentifier": "3938794e-25f5-4123-a1ba-5cbd7f104512",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-552"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}