Tanium Enforce up to 2.7.313/2.8.543 link following

Summaryinfo

A vulnerability was found in Tanium Enforce up to 2.7.313/2.8.543. It has been rated as critical. This affects an unknown function. The manipulation leads to link following. This vulnerability is documented as CVE-2025-15328. The attack needs to be performed locally. There is not any exploit available. Upgrading the affected component is advised.

Detailsinfo

A vulnerability was found in Tanium Enforce up to 2.7.313/2.8.543 and classified as problematic. This issue affects an unknown function. The manipulation with an unknown input leads to a link following vulnerability. Using CWE to declare the problem leads to CWE-59. The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. Impacted is confidentiality. The summary by CVE is:

Tanium addressed an improper link resolution before file access vulnerability in Enforce.

The advisory is shared at security.tanium.com. The identification of this vulnerability is CVE-2025-15328 since 12/30/2025. The exploitation is known to be easy. An attack has to be approached locally. Neither technical details nor an exploit are publicly available.

Upgrading to version 2.7.314 or 2.8.544 eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2025-206835). Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Vendor

• Tanium

Name

• Enforce

Version

• 2.7.313
• 2.8.543

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Discussion