Cyber Resilience

CVE-2025-15313

Medium

Published: 10 February 2026

Published
10 February 2026
Modified
24 February 2026
KEV Added
Patch
CVSS Score v3.1 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS Score 0.0001 2.8th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-15313 is a medium-severity Link Following (CWE-59) vulnerability in Tanium Euss. Its CVSS base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique File Deletion (T1070.004); ranked at the 2.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-15313 is an arbitrary file deletion vulnerability in Tanium EUSS, classified under CWE-59 (Improper Link Resolution Before File Access). Tanium has addressed the issue, with a CVSS v3.1 base score of 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N), indicating medium severity primarily due to high integrity impact.

A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation allows arbitrary file deletion on the affected system, potentially disrupting operations by removing critical files without affecting confidentiality or availability.

Tanium's security advisory TAN-2025-010, available at https://security.tanium.com/TAN-2025-010, provides details on mitigation, including patches to resolve the vulnerability. Security practitioners should consult this advisory for deployment instructions.

EU & UK References

Vulnerability details

Tanium addressed an arbitrary file deletion vulnerability in Tanium EUSS.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1070.004 File Deletion Stealth
Adversaries may delete files left behind by the actions of their intrusion activity.
T1485 Data Destruction Impact
Adversaries may destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources.
Why these techniques?

Arbitrary file deletion directly enables file deletion for indicator removal (T1070.004) and data destruction (T1485) via local low-priv symlink attack.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-15314Same vendor: Tanium
CVE-2025-15319Same vendor: Tanium
CVE-2025-15310Same vendor: Tanium
CVE-2026-23563Shared CWE-59
CVE-2025-66680Shared CWE-59
CVE-2026-2435Same vendor: Tanium
CVE-2025-15316Same vendor: Tanium
CVE-2025-15344Same vendor: Tanium
CVE-2026-9208Same vendor: Tanium
CVE-2025-1683Shared CWE-59

Affected Assets

tanium
euss
1.17.0 — 1.17.41 · 1.18.0 — 1.18.28

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces authorization checks on file operations so a low-privileged local process cannot delete arbitrary files via improper link resolution.

prevent

Restricts the set of files and directories a low-privileged account is allowed to modify, directly limiting the impact of the CWE-59 flaw.

prevent

Imposes access restrictions on change operations, preventing untrusted local processes from performing arbitrary file deletions.

References