CVE-2025-15288
Improper Access Control in Tanium Interact Risks Unauthorized Access
Publication date: 2026-01-29
Last updated on: 2026-03-09
Assigner: Tanium
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tanium | interact | From 3.5.0 (inc) to 3.5.90 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an improper access control issue in Tanium Interact. It allows an authenticated user who has the internal 'Data Collection Sensor - Write' permission to gain unauthorized read-only access to data that is beyond their intended access scope. It affects versions prior to Update 7 (v3.5.90) of the 2025H1 Release of Interact. [1]
How can this vulnerability impact me? :
The impact of this vulnerability is that an authenticated user with certain write permissions can read data they should not have access to, potentially exposing sensitive information. However, the vulnerability has a low severity score (CVSS 3.1 base score of 3.1) and only allows read-only access without affecting integrity or availability. [1]
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is resolved in Tanium Interact Update 7 (v3.5.90) and later versions. Immediate steps include upgrading your Interact installation to Update 7 or a more recent version. No other workarounds or mitigations are available. [1]