CVE-2025-15310
Published: 10 February 2026
Summary
CVE-2025-15310 is a high-severity Link Following (CWE-59) vulnerability in Tanium Patch Endpoint Tools. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 1.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).
Deeper analysis
CVE-2025-15310 is a local privilege escalation vulnerability (CWE-59) affecting Tanium's Patch Endpoint Tools. Tanium addressed the issue, which carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The vulnerability was published on 2026-02-10T00:16:05.370.
A local attacker with low privileges (PR:L) can exploit the vulnerability with low attack complexity and no user interaction. Successful exploitation enables high-impact compromise of confidentiality, integrity, and availability, allowing privilege escalation on affected endpoints.
Tanium has published security advisory TAN-2025-001 at https://security.tanium.com/TAN-2025-001, which provides details on the vulnerability and associated remediation.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-207256
Vulnerability details
Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local privilege escalation vulnerability (CWE-59 link following) directly enables T1068 Exploitation for Privilege Escalation from low-privileged local context.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly remediates the local privilege escalation vulnerability in Tanium Patch Endpoint Tools by requiring timely patching as specified in Tanium's security advisory TAN-2025-001.
Mitigates privilege escalation by ensuring users and processes interacting with Tanium Patch Endpoint Tools operate with least privileges necessary.
Enables identification of exploitation through monitoring for anomalous privilege changes or unauthorized access on endpoints running vulnerable Tanium tools.