CVE-2025-15315
Published: 09 February 2026
Summary
CVE-2025-15315 is a medium-severity Argument Injection (CWE-88) vulnerability in Tanium Module Server. Its CVSS base score is 6.7 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 7.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense at a Glance
Threat & Defense Details
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local privilege escalation vulnerability directly matches Exploitation for Privilege Escalation (T1068).
NVD Description
Tanium addressed a local privilege escalation vulnerability in Tanium Module Server.
Deeper analysisAI
CVE-2025-15315 is a local privilege escalation vulnerability in the Tanium Module Server, as addressed by Tanium. Published on 2026-02-09, it carries a CVSS v3.1 base score of 6.7 (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) and is linked to CWE-88 (and NVD-CWE-noinfo).
A local attacker with high privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation enables privilege escalation, resulting in high impacts to confidentiality, integrity, and availability.
Tanium's security advisory TAN-2025-011 at https://security.tanium.com/TAN-2025-011 provides details on the vulnerability and mitigation steps, confirming that Tanium has addressed the issue.
Details
- CWE(s)