Cyber Resilience

CVE-2025-15316

Medium

Published: 09 February 2026

Published
09 February 2026
Modified
09 March 2026
KEV Added
Patch
CVSS Score v3.1 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0003 10.9th percentile
Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-15316 is a medium-severity Argument Injection (CWE-88) vulnerability in Tanium Module Server. Its CVSS base score is 6.7 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 10.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-15316 is a local privilege escalation vulnerability in Tanium Server. Tanium addressed the issue, which is classified under CWE-88 and carries a CVSS v3.1 base score of 6.7 (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). The vulnerability was published on 2026-02-09.

An attacker with local access and existing high privileges (PR:H) on the affected system can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation enables high-impact consequences, including unauthorized access to confidential data (C:H), modification of system integrity (I:H), and disruption of availability (A:H), effectively allowing full privilege escalation from the attacker's privileged position.

Tanium's security advisory TAN-2025-011 at https://security.tanium.com/TAN-2025-011 provides details on mitigation and patching instructions for the vulnerability.

EU & UK References

Vulnerability details

Tanium addressed a local privilege escalation vulnerability in Tanium Server.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Direct local privilege escalation vulnerability enabling T1068 Exploitation for Privilege Escalation from an already-privileged local account.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-15315Same product: Tanium Module Server
CVE-2025-15310Same vendor: Tanium
CVE-2025-15319Same vendor: Tanium
CVE-2025-15311Same vendor: Tanium
CVE-2026-0634Shared CWE-88
CVE-2026-4145Shared CWE-88
CVE-2026-41013Shared CWE-88
CVE-2025-15330Same vendor: Tanium
CVE-2025-0065Shared CWE-88
CVE-2026-2435Same vendor: Tanium

Affected Assets

tanium
module server
7.4.6 — 7.4.6.1151 · 7.5.6 — 7.5.6.1161 · 7.6.2 — 7.6.2.1293
tanium
server
7.4.6 — 7.4.6.1151 · 7.5.6 — 7.5.6.1161 · 7.6.2 — 7.6.2.1293

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely installation of vendor patches that remediate the Tanium Server privilege-escalation flaw described in TAN-2025-011.

prevent

Enforces least-privilege restrictions on local accounts so that even a high-privilege user cannot reach the code paths exploited by CVE-2025-15316.

detect

Requires integrity verification of Tanium Server executables and libraries, enabling detection of unauthorized modifications that would be used in the escalation attack.

References