CVE-2025-15322
Improper Access Control in Tanium Server Allows Unauthorized Access
Publication date: 2026-01-30
Last updated on: 2026-03-09
Assigner: Tanium
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tanium | server | From 7.6.2.0 (inc) to 7.6.2.1327 (exc) |
| tanium | server | From 7.6.4.0 (inc) to 7.6.4.2160 (exc) |
| tanium | server | From 7.7.3.0 (inc) to 7.7.3.8231 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-15322 is an improper access control vulnerability in Tanium Server. It allows an authenticated user who has the 'Ask Dynamic Questions' permission to gain unauthorized read-only access to data beyond what they are normally allowed to see. [1]
How can this vulnerability impact me?
This vulnerability can impact you by allowing certain authenticated users to access sensitive data they should not have permission to view, potentially exposing confidential information without authorization. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should apply the respective Tanium Server updates: Update 22 or later for the 2024H1 release (v7.6.2.1327+), Update 11 or later for the 2024H2 release (v7.6.4.2160+), and Update 5 or later for the 2025H1 release (v7.7.3.8231+). No other workarounds or mitigations are available. [1]
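The version ranges in the table above can be checked against a server inventory. The following is an added example, not code from Tanium or from this page; the function names, hostnames and sample builds are constructed for illustration, and only the range boundaries come from the table.

```python
# Added example: affected ranges copied from the table on this page.
# Each entry is (first affected build, first fixed build); the upper bound is exclusive.
AFFECTED_RANGES = [
    ((7, 6, 2, 0), (7, 6, 2, 1327)),
    ((7, 6, 4, 0), (7, 6, 4, 2160)),
    ((7, 7, 3, 0), (7, 7, 3, 8231)),
]


def parse_version(text):
    """Parse a four-part dotted build string such as '7.6.2.1300' into a tuple of ints."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def classify(version_text):
    """Return (status, fixed_build) for one Tanium Server version string.

    'affected': inside a listed range. 'fixed': same branch, at or above the fixed
    build. 'not_listed': branch absent from the table, so the page says nothing about it.
    """
    version = parse_version(version_text)
    for low, fixed in AFFECTED_RANGES:
        fixed_text = ".".join(map(str, fixed))
        if low <= version < fixed:
            return "affected", fixed_text
        if version[:3] == fixed[:3] and version >= fixed:
            return "fixed", fixed_text
    return "not_listed", None


def triage(inventory):
    """Map hostname -> (status, fixed_build); unparseable versions are flagged for review."""
    results = {}
    for host, version_text in inventory.items():
        try:
            results[host] = classify(version_text)
        except ValueError:
            results[host] = ("unparseable", None)
    return results


if __name__ == "__main__":
    # Constructed inventory; hostnames and builds are sample values, not real systems.
    sample = {"ts-a": "7.6.2.1326", "ts-b": "7.6.2.1327", "ts-c": "7.7.1.500", "ts-d": "7.6.4"}
    for host, (status, fixed) in triage(sample).items():
        print(f"{host}: {status}" + (f" (update to {fixed} or later)" if status == "affected" else ""))
```

A `not_listed` result means only that the branch does not appear in the table on this page, not that the build is unaffected.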