Cyber Resilience

CVE-2025-15314

Medium

Published: 10 February 2026

Published
10 February 2026
Modified
20 February 2026
KEV Added
Patch
CVSS Score v3.1 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS Score 0.0034 25.3th percentile
Risk Priority 35 floored blend · peak EPSS

Summary

CVE-2025-15314 is a medium-severity Link Following (CWE-59) vulnerability in Tanium End-User-Cx. Its CVSS base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique File Deletion (T1070.004); ranked at the 25.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-15314 is an arbitrary file deletion vulnerability affecting Tanium's end-user-cx component. Published on 2026-02-10, the issue has a CVSS v3.1 base score of 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) and is associated with CWE-59 (Improper Link Resolution Before File Access) as well as NVD-CWE-noinfo. Tanium has addressed the vulnerability.

A local attacker with low privileges, such as a standard user account on the affected system, can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation enables high-impact integrity violations, specifically arbitrary file deletion, without affecting confidentiality or availability.

Tanium's security advisory TAN-2025-010, available at https://security.tanium.com/TAN-2025-010, provides details on mitigation and patches for this vulnerability.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Tanium addressed an arbitrary file deletion vulnerability in end-user-cx.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1070.004 File Deletion Stealth
Adversaries may delete files left behind by the actions of their intrusion activity.
T1485 Data Destruction Impact
Adversaries may destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources.
Why these techniques?

Arbitrary file deletion vuln directly enables local file removal for covering tracks (T1070.004) or data destruction (T1485).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-15313Same vendor: Tanium
CVE-2025-15310Same vendor: Tanium
CVE-2025-15319Same vendor: Tanium
CVE-2026-23563Shared CWE-59
CVE-2025-66680Shared CWE-59
CVE-2025-15316Same vendor: Tanium
CVE-2025-15344Same vendor: Tanium
CVE-2026-9208Same vendor: Tanium
CVE-2026-2435Same vendor: Tanium
CVE-2025-15312Same vendor: Tanium

Affected Assets

tanium
end-user-cx
1.4 — 1.4.1175 · 1.6 — 1.6.926 · 1.8 — 1.8.21

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces access-control policy on file operations so a low-privileged local process cannot delete arbitrary files via improper link resolution.

prevent

Limits the set of files and directories a standard user account is authorized to modify, reducing the attack surface for arbitrary deletion.

prevent

Restricts which principals may perform change operations on system files, blocking the unauthorized deletions enabled by this flaw.

References