CVE-2025-15336
📋 TL;DR
CVE-2025-15336 is an incorrect default permissions vulnerability in Tanium Performance that allows authenticated users to access or modify resources they should not have permission to reach. This affects organizations using Tanium Performance with default configurations, potentially exposing sensitive performance data.
💻 Affected Systems
- Tanium Performance
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Privilege escalation leading to unauthorized access to sensitive performance metrics, configuration data, or potential lateral movement within the Tanium environment.
Likely Case
Unauthorized viewing or modification of performance monitoring data by authenticated users with lower privileges than intended.
If Mitigated
Minimal impact with proper access controls, role-based permissions, and network segmentation already implemented.
🎯 Exploit Status
Requires authenticated access to Tanium; exploitation would involve accessing resources beyond assigned permissions.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Refer to Tanium advisory TAN-2025-029 for specific patched versions
Vendor Advisory: https://security.tanium.com/TAN-2025-029
Restart Required: Yes
Instructions:
1. Review Tanium advisory TAN-2025-029.
2. Identify affected Tanium Performance versions.
3. Apply the recommended patch/update from Tanium.
4. Restart Tanium services as required.
5. Verify permissions are correctly applied post-update.
🔧 Temporary Workarounds
Implement strict role-based access controls
Manually review and tighten permissions for all Tanium Performance users to minimum required access
Network segmentation
Restrict network access to Tanium Performance to only authorized administrative networks
🧯 If You Can't Patch
- Implement principle of least privilege for all Tanium users
- Enable detailed audit logging for all Tanium Performance access and review regularly
🔍 How to Verify
Check if Vulnerable:
Check Tanium Performance version against affected versions listed in TAN-2025-029 advisory
Check Version:
tanium version (or consult Tanium documentation for version check command)
Verify Fix Applied:
Verify Tanium Performance is updated to patched version and test that users cannot access unauthorized resources
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to Tanium Performance resources
- Permission denied errors followed by successful access
Network Indicators:
- Unusual access patterns to Tanium Performance endpoints from non-admin users
SIEM Query:
source="tanium" AND (event_type="access_denied" OR resource_access="unauthorized")