CVE-2025-15316
Published: 09 February 2026
Summary
CVE-2025-15316 is a medium-severity Argument Injection (CWE-88) vulnerability in Tanium Module Server. Its CVSS base score is 6.7 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 7.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense at a Glance
Threat & Defense Details
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct local privilege escalation vulnerability enabling T1068 Exploitation for Privilege Escalation from an already-privileged local account.
NVD Description
Tanium addressed a local privilege escalation vulnerability in Tanium Server.
Deeper analysisAI
CVE-2025-15316 is a local privilege escalation vulnerability in Tanium Server. Tanium addressed the issue, which is classified under CWE-88 and carries a CVSS v3.1 base score of 6.7 (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). The vulnerability was published on 2026-02-09.
An attacker with local access and existing high privileges (PR:H) on the affected system can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation enables high-impact consequences, including unauthorized access to confidential data (C:H), modification of system integrity (I:H), and disruption of availability (A:H), effectively allowing full privilege escalation from the attacker's privileged position.
Tanium's security advisory TAN-2025-011 at https://security.tanium.com/TAN-2025-011 provides details on mitigation and patching instructions for the vulnerability.
Details
- CWE(s)