Vulnerability Details :

CVE-2025-15321

Summary
Assigner: Tanium
Assigner Org ID: 3938794e-25f5-4123-a1ba-5cbd7f104512
Published At: 05 Feb, 2026 | 18:20
Updated At: 06 Feb, 2026 | 17:37
Rejected At:
Tanium addressed an improper input validation vulnerability in Tanium Appliance.

▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner: Tanium
Assigner Org ID: 3938794e-25f5-4123-a1ba-5cbd7f104512
Published At: 05 Feb, 2026 | 18:20
Updated At: 06 Feb, 2026 | 17:37
Rejected At:
▼CVE Numbering Authority (CNA)
Tanium addressed an improper input validation vulnerability in Tanium Appliance.

Affected Products
Vendor
Tanium
Product
Tanium Appliance
CPEs
  • cpe:2.3:a:tanium:tanos:1.8.3.0195:*:*:*:*:*:*:*
  • cpe:2.3:a:tanium:tanos:1.8.5.0198:*:*:*:*:*:*:*
  • cpe:2.3:a:tanium:tanos:1.8.5.0226:*:*:*:*:*:*:*
Versions
Affected
  • From 1.8.3.0 before 1.8.3.0196 (custom)
  • From 1.8.5.0 before 1.8.5.0199 (custom)
  • From 1.8.5.0 before 1.8.5.0227 (custom)
Problem Types
Type: CWE
CWE ID: CWE-426
Description: Untrusted Search Path
Metrics
Version: 3.1
Base score: 2.7
Base severity: LOW
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Credits

  • Reporter: Filip Waeytens
  • Reporter: Frank Lycops
  • Reporter: Jean-Michel Huguet
  • Reporter: Jorge Escabias
  • Reporter: Justin Hocquel from NCIA/NCSC
References
Hyperlink: https://security.tanium.com/TAN-2025-024
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source: 3938794e-25f5-4123-a1ba-5cbd7f104512
Published At: 05 Feb, 2026 | 19:15
Updated At: 10 Feb, 2026 | 17:12

Tanium addressed an improper input validation vulnerability in Tanium Appliance.

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Secondary
Version: 3.1
Base score: 2.7
Base severity: LOW
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Type: Primary
Version: 3.1
Base score: 2.7
Base severity: LOW
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
CPE Matches

  • tanium tanos: versions from 1.8.3 (inclusive) to 1.8.3.0196 (exclusive)
    cpe:2.3:o:tanium:tanos:*:*:*:*:*:*:*:*
  • tanium tanos: versions from 1.8.4 (inclusive) to 1.8.4.0199 (exclusive)
    cpe:2.3:o:tanium:tanos:*:*:*:*:*:*:*:*
  • tanium tanos: versions from 1.8.5 (inclusive) to 1.8.5.0227 (exclusive)
    cpe:2.3:o:tanium:tanos:*:*:*:*:*:*:*:*
Weaknesses
CWE ID: CWE-426
Type: Secondary
Source: 3938794e-25f5-4123-a1ba-5cbd7f104512
CWE ID: CWE-863
Type: Primary
Source: nvd@nist.gov
References
Hyperlink: https://security.tanium.com/TAN-2025-024
Source: 3938794e-25f5-4123-a1ba-5cbd7f104512
Resource: Vendor Advisory

Change History

Information is not available yet

Similar CVEs

13 Records found

CVE-2025-15322
Matching Score: 6
Assigner: 3938794e-25f5-4123-a1ba-5cbd7f104512
CVSS Score: 4.3 (MEDIUM)
EPSS: 0.01% / 0.85%
7 Day CHG: ~0.00%
Published: 30 Jan, 2026 | 00:20
Updated: 05 Feb, 2026 | 16:00
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Tanium addressed an improper access controls vulnerability in Tanium Server.

Action: Not Available
Vendor: Tanium
Product: Tanium Server
CWE ID: CWE-863 (Incorrect Authorization)

CVE-2025-15342
Matching Score: 6
Assigner: 3938794e-25f5-4123-a1ba-5cbd7f104512
CVSS Score: 4.3 (MEDIUM)
EPSS: 0.03% / 8.55%
7 Day CHG: ~0.00%
Published: 05 Feb, 2026 | 18:13
Updated: 10 Feb, 2026 | 18:03
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Tanium addressed an improper access controls vulnerability in Reputation.

Action: Not Available
Vendor: Tanium (tanium)
Product: Reputation (reputation)
CWE ID: CWE-863 (Incorrect Authorization)

CVE-2025-15288
Matching Score: 6
Assigner: 3938794e-25f5-4123-a1ba-5cbd7f104512
CVSS Score: 3.1 (LOW)
EPSS: 0.01% / 0.77%
7 Day CHG: ~0.00%
Published: 29 Jan, 2026 | 20:10
Updated: 05 Feb, 2026 | 15:57
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Tanium addressed an improper access controls vulnerability in Interact.

Action: Not Available
Vendor: Tanium
Product: Interact
CWE ID: CWE-863 (Incorrect Authorization)

CVE-2025-67740
Matching Score: 4
Assigner: JetBrains s.r.o.
CVSS Score: 2.7 (LOW)
EPSS: 0.00% / 0.07%
7 Day CHG: ~0.00%
Published: 11 Dec, 2025 | 15:19
Updated: 15 Dec, 2025 | 20:07
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

In JetBrains TeamCity before 2025.11 improper access control could expose GitHub App token's metadata

Action: Not Available
Vendor: JetBrains s.r.o.
Product: TeamCity (teamcity)
CWE ID: CWE-863 (Incorrect Authorization)

CVE-2025-6168
Matching Score: 4
Assigner: GitLab Inc.
CVSS Score: 2.7 (LOW)
EPSS: 0.01% / 2.83%
7 Day CHG: ~0.00%
Published: 10 Jul, 2025 | 08:30
Updated: 10 Jul, 2025 | 20:08
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Incorrect Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated maintainers to bypass group-level user invitation restrictions by sending crafted API requests.

Action: Not Available
Vendor: GitLab Inc.
Product: GitLab
CWE ID: CWE-863 (Incorrect Authorization)

CVE-2023-5193
Matching Score: 4
Assigner: Mattermost, Inc.
CVSS Score: 4.9 (MEDIUM)
EPSS: 0.15% / 35.75%
7 Day CHG: ~0.00%
Published: 29 Sep, 2023 | 09:23
Updated: 20 Sep, 2024 | 16:01
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

System Role with manage posts permission can read posts of Direct Messages

Mattermost fails to properly check permissions when retrieving a post allowing for a System Role with the permission to manage channels to read the posts of a DM conversation.

Action: Not Available
Vendor: Mattermost, Inc.
Product: Mattermost (mattermost)
CWE ID: CWE-863 (Incorrect Authorization)

CVE-2023-51380
Matching Score: 4
Assigner: GitHub, Inc. (Products Only)
CVSS Score: 2.7 (LOW)
EPSS: 0.17% / 38.29%
7 Day CHG: ~0.00%
Published: 21 Dec, 2023 | 20:45
Updated: 16 Dec, 2024 | 19:07
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Incorrect Authorization allows Read Access to Issue Comments in GitHub Enterprise Server

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.

Action: Not Available
Vendor: GitHub, Inc.
Product: Enterprise Server (enterprise_server)
CWE ID: CWE-863 (Incorrect Authorization)

CVE-2025-49549
Matching Score: 4
Assigner: Adobe Systems Incorporated
CVSS Score: 2.7 (LOW)
EPSS: 0.07% / 22.15%
7 Day CHG: ~0.00%
Published: 25 Jun, 2025 | 17:41
Updated: 26 Jun, 2025 | 18:57
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Adobe Commerce | Incorrect Authorization (CWE-863)

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access. Exploitation of this issue does not require user interaction.

Action: Not Available
Vendor: Adobe Inc.
Product: Adobe Commerce
CWE ID: CWE-863 (Incorrect Authorization)

CVE-2025-2570
Matching Score: 4
Assigner: Mattermost, Inc.
CVSS Score: 2.7 (LOW)
EPSS: 0.06% / 17.14%
7 Day CHG: ~0.00%
Published: 15 May, 2025 | 15:27
Updated: 06 Oct, 2025 | 15:22
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

System Admin Cannot Access Environment settings in System Console While System Manager Can

Mattermost versions 10.5.x <= 10.5.3, 9.11.x <= 9.11.11 fail to check `RestrictSystemAdmin` setting if user doesn't have access to `ExperimentalSettings` which allows a System Manager to access `ExperimentSettings` when `RestrictSystemAdmin` is true via System Console.

Action: Not Available
Vendor: Mattermost, Inc.
Product: Mattermost (mattermost_server)
CWE ID: CWE-863 (Incorrect Authorization)

CVE-2025-24866
Matching Score: 4
Assigner: Mattermost, Inc.
CVSS Score: 2.7 (LOW)
EPSS: 0.22% / 44.05%
7 Day CHG: ~0.00%
Published: 10 Apr, 2025 | 15:33
Updated: 01 Oct, 2025 | 18:06
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Unauthorized Access to User Activity Logs API by delegated granular administration roles

Mattermost versions 9.11.x <= 9.11.8 fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs.

Action: Not Available
Vendor: Mattermost, Inc.
Product: Mattermost (mattermost_server)
CWE ID: CWE-863 (Incorrect Authorization)

CVE-2025-1110
Matching Score: 4
Assigner: GitLab Inc.
CVSS Score: 2.7 (LOW)
EPSS: 0.02% / 4.47%
7 Day CHG: ~0.00%
Published: 22 May, 2025 | 14:02
Updated: 29 May, 2025 | 15:58
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Insufficient Granularity of Access Control in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 18.0 before 18.0.1. In certain circumstances, a user with limited permissions could access Job Data via a crafted GraphQL query.

Action: Not Available
Vendor: GitLab Inc.
Product: GitLab (gitlab)
CWE ID: CWE-1220 (Insufficient Granularity of Access Control)
CWE ID: CWE-863 (Incorrect Authorization)

CVE-2024-44114
Matching Score: 4
Assigner: SAP SE
CVSS Score: 2 (LOW)
EPSS: 0.09% / 24.82%
7 Day CHG: ~0.00%
Published: 10 Sep, 2024 | 03:06
Updated: 16 Sep, 2024 | 14:09
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform

SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network. This results in a minimal impact on confidentiality of the application.

Action: Not Available
Vendor: SAP SE
Product: SAP NetWeaver Application Server for ABAP and ABAP Platform (netweaver_application_server_abap)
CWE ID: CWE-863 (Incorrect Authorization)

CVE-2024-42000
Matching Score: 4
Assigner: Mattermost, Inc.
CVSS Score: 2.7 (LOW)
EPSS: 0.14% / 33.67%
7 Day CHG: ~0.00%
Published: 09 Nov, 2024 | 17:17
Updated: 14 Nov, 2024 | 16:48
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Unauthorized Access to view channels' details

Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 and 10.0.x <= 10.0.0 fail to properly authorize the requests to /api/v4/channels which allows a User or System Manager, with "Read Groups" permission but with no access for channels to retrieve details about private channels that they were not a member of by sending a request to /api/v4/channels.

Action: Not Available
Vendor: Mattermost, Inc.
Product: Mattermost (mattermost_server)
CWE ID: CWE-863 (Incorrect Authorization)