CVE-2025-15335
📋 TL;DR
An information disclosure vulnerability in Tanium Threat Response could allow authenticated attackers to access sensitive data they shouldn't have permission to view. This affects organizations using Tanium Threat Response with vulnerable configurations. The vulnerability stems from incorrect default permissions (CWE-276).
💻 Affected Systems
- Tanium Threat Response
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could access sensitive threat intelligence data, investigation details, or system information that could be used for further attacks.
Likely Case
Privileged users or compromised accounts could view restricted threat response data, potentially exposing internal security operations.
If Mitigated
With proper access controls and network segmentation, impact would be limited to authorized users viewing data they shouldn't access.
🎯 Exploit Status
Exploitation requires authenticated access to Tanium Threat Response with some existing permissions.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 7.7.4 and later
Vendor Advisory: https://security.tanium.com/TAN-2025-027
Restart Required: Yes
Instructions:
1. Download Tanium Threat Response 7.7.4 or later from the Tanium support portal.
2. Follow Tanium's standard upgrade procedures for the Threat Response module.
3. Restart Tanium services as required by the upgrade process.
🔧 Temporary Workarounds
Restrict Access to Threat Response
Limit user access to the Tanium Threat Response module to only necessary personnel
Review and Audit Permissions
Regularly review Tanium user permissions and audit access to Threat Response data
🧯 If You Can't Patch
- Implement strict access controls and principle of least privilege for Tanium Threat Response users
- Monitor and audit access to Threat Response data for unusual patterns
🔍 How to Verify
Check if Vulnerable:
Check Tanium Threat Response version in Tanium Console under Modules > Threat Response > About
Check Version:
In Tanium Console: Navigate to Modules > Threat Response > About
Verify Fix Applied:
Verify version is 7.7.4 or later in Tanium Console and test that only authorized users can access sensitive Threat Response data
📡 Detection & Monitoring
Log Indicators:
- Unusual access patterns to Threat Response data
- Multiple failed permission checks followed by successful access
Network Indicators:
- Unusual API calls to Threat Response endpoints from non-standard users
SIEM Query:
source="tanium" AND (event_type="permission_denied" OR event_type="data_access") AND module="threat_response"
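The flat query above returns every matching event; the "multiple failed permission checks followed by successful access" indicator needs per-user correlation over time. The following is an added example, not Tanium or vendor code: it reuses the field names from the query, while the record layout, user names, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events. Field names follow the SIEM query on this page;
# the record layout is an assumption, not Tanium's actual log schema.
_ROWS = [
    ("2025-01-10T08:00:00", "analyst2", "threat_response", "permission_denied"),
    ("2025-01-10T08:30:00", "analyst2", "threat_response", "permission_denied"),
    ("2025-01-10T09:00:00", "analyst1", "threat_response", "data_access"),
    ("2025-01-10T09:01:00", "svc_report", "threat_response", "permission_denied"),
    ("2025-01-10T09:01:10", "svc_report", "other_module", "permission_denied"),
    ("2025-01-10T09:01:20", "svc_report", "threat_response", "permission_denied"),
    ("2025-01-10T09:01:40", "svc_report", "threat_response", "permission_denied"),
    ("2025-01-10T09:02:05", "svc_report", "threat_response", "data_access"),
    ("2025-01-10T09:05:00", "analyst2", "threat_response", "permission_denied"),
    ("2025-01-10T09:06:00", "analyst2", "threat_response", "data_access"),
]
SAMPLE_EVENTS = [dict(zip(("ts", "user", "module", "event_type"), r)) for r in _ROWS]


def find_denied_then_allowed(events, min_denials=3, window=timedelta(minutes=10)):
    """Flag a data_access that follows >= min_denials permission_denied
    events for the same user inside the sliding window."""
    recent_denials = defaultdict(deque)  # user -> timestamps of recent denials
    alerts = []
    # ISO-8601 timestamps in one format sort correctly as strings.
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev.get("module") != "threat_response":
            continue  # only the module named in the advisory
        ts = datetime.fromisoformat(ev["ts"])
        denials = recent_denials[ev["user"]]
        while denials and ts - denials[0] > window:
            denials.popleft()  # expire denials older than the window
        if ev["event_type"] == "permission_denied":
            denials.append(ts)
        elif ev["event_type"] == "data_access":
            if len(denials) >= min_denials:
                alerts.append({"user": ev["user"], "ts": ev["ts"],
                               "denials": len(denials)})
            denials.clear()  # start a fresh sequence after any access
    return alerts


if __name__ == "__main__":
    for alert in find_denied_then_allowed(SAMPLE_EVENTS):
        print(alert)
```

Tune `min_denials` and `window` against a baseline of normal analyst activity before alerting on the result.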