CVE-2025-15334
📋 TL;DR
An information disclosure vulnerability in Tanium Threat Response could allow authenticated attackers to access sensitive data they shouldn't have permission to view. This affects organizations using vulnerable versions of Tanium Threat Response. The vulnerability stems from incorrect default permissions (CWE-276).
💻 Affected Systems
- Tanium Threat Response
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could access sensitive investigation data, threat intelligence, or system information that could be used for further attacks or intelligence gathering.
Likely Case
Privileged users or compromised accounts could view investigation details, endpoint data, or threat information beyond their intended access level.
If Mitigated
With proper access controls and monitoring, impact would be limited to minimal data exposure that can be quickly detected and contained.
🎯 Exploit Status
Exploitation requires authenticated access to the Tanium system. The vulnerability is in permission handling logic.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Tanium advisory TAN-2025-026 for specific patched versions
Vendor Advisory: https://security.tanium.com/TAN-2025-026
Restart Required: Yes
Instructions:
1. Review Tanium advisory TAN-2025-026.
2. Identify affected Tanium Threat Response versions.
3. Apply the recommended patch/update.
4. Restart Tanium services as required.
5. Verify the fix is applied.
🔧 Temporary Workarounds
Restrict Access Controls
all: Tighten user permissions and implement the principle of least privilege for Tanium Threat Response access
Enhanced Monitoring
all: Increase logging and monitoring of access to sensitive threat response data
🧯 If You Can't Patch
- Implement strict access controls and review all user permissions in Tanium Threat Response
- Enable detailed audit logging for all access to threat response data and monitor for unusual access patterns
🔍 How to Verify
Check if Vulnerable:
Check Tanium Threat Response version against affected versions listed in advisory TAN-2025-026
Check Version:
Check Tanium console or use Tanium CLI commands specific to your deployment
Verify Fix Applied:
Verify Tanium Threat Response has been updated to patched version and test permission controls
📡 Detection & Monitoring
Log Indicators:
- Unusual access patterns to threat response data
- Multiple failed permission checks followed by successful access
Network Indicators:
- Unusual data transfer volumes from Tanium Threat Response components
SIEM Query:
source="tanium" AND (event_type="access_denied" OR event_type="permission_violation") AND resource="threat_response"
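The query above matches denied events only; the log indicator "multiple failed permission checks followed by successful access" needs per-user correlation. The sketch below is an added example, not Tanium's or this page's own code. It reuses the `event_type` and `resource` field names from the query, while the `ts` and `user` fields, the `access_granted` value, the thresholds and all sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events. "event_type" and "resource" mirror the field names in
# the page's SIEM query; "ts", "user" and the "access_granted" value are assumptions.
SAMPLE_EVENTS = [
    {"ts": "2025-01-10T09:00:00", "user": "alice", "event_type": "access_granted", "resource": "threat_response"},
    {"ts": "2025-01-10T09:01:00", "user": "bob", "event_type": "access_denied", "resource": "threat_response"},
    {"ts": "2025-01-10T09:01:20", "user": "bob", "event_type": "permission_violation", "resource": "threat_response"},
    {"ts": "2025-01-10T09:01:45", "user": "bob", "event_type": "access_denied", "resource": "threat_response"},
    {"ts": "2025-01-10T09:02:10", "user": "bob", "event_type": "access_granted", "resource": "threat_response"},
    {"ts": "2025-01-10T09:03:00", "user": "carol", "event_type": "access_denied", "resource": "threat_response"},
    {"ts": "2025-01-10T09:30:00", "user": "carol", "event_type": "access_granted", "resource": "threat_response"},
    {"ts": "2025-01-10T09:05:00", "user": "dave", "event_type": "access_denied", "resource": "other_module"},
]

DENIED = {"access_denied", "permission_violation"}

def denied_then_granted(events, min_denials=3, window=timedelta(minutes=5)):
    """Return alerts where a user had >= min_denials denied events on
    threat_response inside `window`, followed by a granted access."""
    recent = defaultdict(deque)  # user -> timestamps of recent denials
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev.get("resource") != "threat_response":
            continue
        ts = datetime.fromisoformat(ev["ts"])
        denials = recent[ev["user"]]
        # Drop denials that have aged out of the correlation window.
        while denials and ts - denials[0] > window:
            denials.popleft()
        if ev["event_type"] in DENIED:
            denials.append(ts)
        elif ev["event_type"] == "access_granted":
            if len(denials) >= min_denials:
                alerts.append({"user": ev["user"], "denials": len(denials), "granted_at": ev["ts"]})
            denials.clear()  # a success resets the sequence
    return alerts

if __name__ == "__main__":
    for alert in denied_then_granted(SAMPLE_EVENTS):
        print(alert)
```

Map the field names and event values to whatever your Tanium audit log export actually emits before using the thresholds as alerting criteria.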