CVE-2025-15319
Published: 09 February 2026
Summary
CVE-2025-15319 is a high-severity Link Following (CWE-59) vulnerability in Tanium Patch Endpoint Tools. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 1.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and AC-6 (Least Privilege).
Deeper analysis
CVE-2025-15319 is a local privilege escalation vulnerability in Tanium's Patch Endpoint Tools. Tanium has addressed the issue, which falls under CWE-59 (Improper Link Resolution Before File Access) and carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The vulnerability was published on 2026-02-09T23:16:05.153.
A local attacker with low privileges (PR:L) can exploit this vulnerability given local access (AV:L), low attack complexity (AC:L), and no user interaction (UI:N). Successful exploitation enables high-impact privileges, compromising confidentiality, integrity, and availability (C:H/I:H/A:H) without changing scope (S:U).
Tanium's security advisory TAN-2025-021 at https://security.tanium.com/TAN-2025-021 provides details on patches and mitigation steps.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-207136
Vulnerability details
Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local privilege escalation vulnerability (CWE-59) directly enables exploitation for privilege escalation from low-privileged local access.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates CVE-2025-15319 by requiring timely identification, prioritization, testing, and patching of the local privilege escalation flaw in Tanium Patch Endpoint Tools.
Enforces least privilege to limit the scope and impact of local low-privilege (PR:L) attackers exploiting improper link resolution before file access.
Implements a reference monitor to mediate and enforce access control policies, countering the CWE-59 improper link resolution that enables privilege escalation.