CVE-2025-15313
Published: 10 February 2026
Summary
CVE-2025-15313 is a medium-severity Link Following (CWE-59) vulnerability in Tanium Euss. Its CVSS base score is 5.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique File Deletion (T1070.004); ranked at the 2.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
CVE-2025-15313 is an arbitrary file deletion vulnerability in Tanium EUSS, classified under CWE-59 (Improper Link Resolution Before File Access). Tanium has addressed the issue, with a CVSS v3.1 base score of 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N), indicating medium severity primarily due to high integrity impact.
A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation allows arbitrary file deletion on the affected system, potentially disrupting operations by removing critical files without affecting confidentiality or availability.
Tanium's security advisory TAN-2025-010, available at https://security.tanium.com/TAN-2025-010, provides details on mitigation, including patches to resolve the vulnerability. Security practitioners should consult this advisory for deployment instructions.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-207254
Vulnerability details
Tanium addressed an arbitrary file deletion vulnerability in Tanium EUSS.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Arbitrary file deletion directly enables file deletion for indicator removal (T1070.004) and data destruction (T1485) via local low-priv symlink attack.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Enforces authorization checks on file operations so a low-privileged local process cannot delete arbitrary files via improper link resolution.
Restricts the set of files and directories a low-privileged account is allowed to modify, directly limiting the impact of the CWE-59 flaw.
Imposes access restrictions on change operations, preventing untrusted local processes from performing arbitrary file deletions.