CVE-2025-15341
📋 TL;DR
CVE-2025-15341 is an incorrect default permissions vulnerability in Tanium Benchmark that allows unauthorized users to access sensitive configuration data. This affects organizations using Tanium Benchmark with default permissions. Attackers could potentially read or modify benchmark configurations they shouldn't have access to.
💻 Affected Systems
- Tanium Benchmark
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Unauthorized users could modify benchmark configurations to disable security controls, create malicious benchmarks, or exfiltrate sensitive system configuration data.
Likely Case
Unauthorized users access benchmark configurations they shouldn't have permission to view, potentially exposing sensitive system information.
If Mitigated
Limited information disclosure with no ability to modify configurations or execute code.
🎯 Exploit Status
Exploitation requires some level of access to the Tanium environment. No public exploit code available at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Tanium advisory TAN-2025-029 for specific patched versions
Vendor Advisory: https://security.tanium.com/TAN-2025-029
Restart Required: Yes
Instructions:
1. Review Tanium advisory TAN-2025-029.
2. Update Tanium Benchmark to the patched version.
3. Restart Tanium services.
4. Verify permissions are correctly configured.
🔧 Temporary Workarounds
Manual Permission Review
Review and adjust permissions for Tanium Benchmark objects to ensure only authorized users have access.
Role-Based Access Control
Implement strict role-based access control for Tanium Benchmark functionality.
🧯 If You Can't Patch
- Implement strict access controls and review all user permissions for Tanium Benchmark
- Monitor Tanium audit logs for unauthorized access attempts to benchmark configurations
🔍 How to Verify
Check if Vulnerable:
Check Tanium Benchmark version against advisory TAN-2025-029. Review permission settings for benchmark objects.
Check Version:
Check the Tanium console or use the Tanium API to query component versions.
Verify Fix Applied:
Verify Tanium Benchmark is updated to the patched version and test that unauthorized users cannot access benchmark configurations.
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to benchmark objects
- Permission changes to benchmark configurations
- Unusual benchmark configuration modifications
Network Indicators:
- Unusual API calls to benchmark endpoints from unauthorized sources
SIEM Query:
source="tanium" AND (event_type="permission_denied" OR event_type="configuration_change") AND target="benchmark"