CVE-2025-15312
Published: 05 February 2026
Summary
CVE-2025-15312 is a medium-severity Improper Encoding or Escaping of Output (CWE-116) vulnerability in Tanium Tanos. Its CVSS base score is 6.6 (Medium).
Operationally, it ranks at the 6.3th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
Threat & Defense Details
Likely Mitigating Controls (AI)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validating that output matches expected content directly mitigates failures to properly encode or escape data for its destination context.
MITRE ATT&CK Enterprise Techniques (AI)
Insufficient information to map techniques.
NVD Description
Tanium addressed an improper output sanitization vulnerability in Tanium Appliance.
Deeper analysis (AI)
CVE-2025-15312 is an improper output sanitization vulnerability, classified under CWE-116, affecting the Tanium Appliance. Tanium addressed the issue, with the CVE published on 2026-02-05T19:15:52.587 and assigned a CVSS v3.1 base score of 6.6 (AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).
The vulnerability is exploitable over the network (AV:N) by users with high privileges (PR:H), though it requires high attack complexity (AC:H) and no user interaction (UI:N). Successful exploitation enables high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) within the unchanged security scope (S:U).
Mitigation details are provided in Tanium's security advisory TAN-2025-003, available at https://security.tanium.com/TAN-2025-003.
Details
- CWE(s)