CVE-2025-15313

5.5 MEDIUM

📋 TL;DR

CVE-2025-15313 is an arbitrary file deletion vulnerability in Tanium EUSS that allows authenticated attackers to delete files on the server. This affects organizations using Tanium EUSS for endpoint management. Attackers could disrupt operations by deleting critical system or configuration files.

💻 Affected Systems

Products:
  • Tanium Endpoint User Self Service (EUSS)
Versions: Specific versions not detailed in advisory, but all versions prior to the fix are affected
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to Tanium EUSS interface. All deployments using vulnerable versions are affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through deletion of critical OS files, leading to system crashes, data loss, or service disruption across managed endpoints.

🟠 Likely Case

Targeted deletion of configuration files causing service disruption, loss of audit logs, or removal of security controls on affected Tanium servers.

🟢 If Mitigated

Limited impact with proper access controls and monitoring, potentially only affecting non-critical files in isolated directories.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access to the Tanium EUSS interface. The flaw is improper path validation that allows directory traversal.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version containing fix TAN-2025-010

Vendor Advisory: https://security.tanium.com/TAN-2025-010

Restart Required: Yes

Instructions:

1. Log into Tanium Console.
2. Navigate to Administration > Updates.
3. Apply the latest Tanium platform update containing TAN-2025-010.
4. Restart Tanium services as prompted.

🔧 Temporary Workarounds

Restrict EUSS Access

all

Limit access to Tanium EUSS interface to only necessary administrative users

Implement File Integrity Monitoring

all

Deploy FIM on Tanium server to detect unauthorized file deletions

🧯 If You Can't Patch

  • Implement strict access controls to Tanium EUSS interface
  • Deploy file integrity monitoring on Tanium server directories

🔍 How to Verify

Check if Vulnerable:

Check the Tanium version against advisory TAN-2025-010. If the system is running a version prior to the fix, it is vulnerable.

Check Version:

On Tanium server: tanium version

Verify Fix Applied:

Verify Tanium platform version includes TAN-2025-010 fix by checking version in Tanium Console > About.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected file deletion events in Tanium audit logs
  • Failed file access attempts with path traversal patterns

Network Indicators:

  • Unusual volume of file operation requests to Tanium EUSS endpoints

SIEM Query:

source="tanium" AND (event_type="file_delete" OR event_type="file_remove") AND file_path CONTAINS ".."
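The query above matches only a literal ".." in file_path. The following added example (not Tanium code and not from the advisory) applies the same filter to JSON log lines but decodes percent-encoding and backslash separators first, and also flags absolute paths that leave an expected base directory. The event_type and file_path field names come from the query above; the JSON line format, the base directory and the sample events are assumptions constructed for illustration.

```python
import json
import posixpath
import re
from urllib.parse import unquote

DELETE_EVENTS = {"file_delete", "file_remove"}  # event types used in the page's query
BASE_DIR = "/opt/example/euss/files"            # hypothetical placeholder directory

def normalize(path):
    """Undo up to three layers of percent-encoding, then unify separators."""
    for _ in range(3):
        path = unquote(path)
    return path.replace("\\", "/")

def is_traversal_delete(event, base_dir=BASE_DIR):
    """True for a delete event whose path has a '..' segment or leaves base_dir."""
    if event.get("event_type") not in DELETE_EVENTS:
        return False
    path = normalize(str(event.get("file_path", "")))
    if ".." in path.split("/") or re.match(r"[A-Za-z]:/", path):
        return True
    resolved = posixpath.normpath(posixpath.join(base_dir, path))
    return resolved != base_dir and not resolved.startswith(base_dir + "/")

def scan(lines, base_dir=BASE_DIR):
    """Return matching events; lines that are not JSON objects are skipped."""
    hits = []
    for line in lines:
        try:
            event = json.loads(line)
        except ValueError:
            continue
        if isinstance(event, dict) and is_traversal_delete(event, base_dir):
            hits.append(event)
    return hits

# Constructed sample events (not real Tanium log output).
SAMPLE_PATHS = [
    ("file_delete", "uploads/report.txt"),             # benign
    ("file_delete", "notes..txt"),                     # contains ".." but no traversal
    ("file_delete", "../../etc/app.conf"),             # literal traversal
    ("file_remove", "%2e%2e%2fconfig/settings.json"),  # percent-encoded traversal
    ("file_delete", "%252e%252e/keys/server.key"),     # double-encoded traversal
    ("file_delete", "..\\..\\logs\\audit.log"),        # backslash separators
    ("file_delete", "/etc/hosts"),                     # absolute path, no ".."
    ("file_read", "../../etc/app.conf"),               # not a delete event
]
SAMPLE_LINES = [json.dumps({"event_type": e, "file_path": p}) for e, p in SAMPLE_PATHS]
```

Calling scan(SAMPLE_LINES) returns the five traversal or out-of-base deletes and skips "notes..txt", which a plain substring match on ".." would report as a false positive.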
