CVE-2025-15316
Published: 09 February 2026
Summary
CVE-2025-15316 is a medium-severity Argument Injection (CWE-88) vulnerability in Tanium Module Server. Its CVSS base score is 6.7 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 10.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).
Deeper analysis
CVE-2025-15316 is a local privilege escalation vulnerability in Tanium Server. Tanium addressed the issue, which is classified under CWE-88 and carries a CVSS v3.1 base score of 6.7 (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). The vulnerability was published on 2026-02-09.
An attacker with local access and existing high privileges (PR:H) on the affected system can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation enables high-impact consequences, including unauthorized access to confidential data (C:H), modification of system integrity (I:H), and disruption of availability (A:H), effectively allowing full privilege escalation from the attacker's privileged position.
Tanium's security advisory TAN-2025-011 at https://security.tanium.com/TAN-2025-011 provides details on mitigation and patching instructions for the vulnerability.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-207349
Vulnerability details
Tanium addressed a local privilege escalation vulnerability in Tanium Server.
- CWE(s): CWE-88
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Direct local privilege escalation vulnerability enabling T1068 Exploitation for Privilege Escalation from an already-privileged local account.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
SI-2 (Flaw Remediation): Directly requires timely installation of vendor patches that remediate the Tanium Server privilege-escalation flaw described in TAN-2025-011.
AC-6 (Least Privilege): Enforces least-privilege restrictions on local accounts so that even a high-privilege user cannot reach the code paths exploited by CVE-2025-15316.
Requires integrity verification of Tanium Server executables and libraries, enabling detection of unauthorized modifications that would be used in the escalation attack.