Can you explain this vulnerability to me?

CVE-2025-15289 is an improper access controls vulnerability in Tanium Interact. It allows an authenticated Tanium user who normally has no permissions to gain unauthorized read-only access to data.

This vulnerability has a low severity with a CVSS 3.1 base score of 3.1.

Affected versions include Interact prior to Update 24 (v3.1.337) in the 2024H1 release, prior to Update 13 (v3.2.185) in the 2024H2 release, and prior to Update 7 (v3.5.90) in the 2025H1 release.

Useful 0 Not Useful 0

How can this vulnerability impact me? :

This vulnerability can impact you by allowing an authenticated user with no permissions to gain unauthorized read-only access to data within Tanium Interact.

While the access is read-only, it could lead to exposure of sensitive information that should otherwise be restricted.

Useful 0 Not Useful 0

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know

Useful 0 Not Useful 0

How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know

Useful 0 Not Useful 0

What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, you should update Tanium Interact to a fixed version. Specifically, apply Update 24 (v3.1.337) or later for the 2024H1 release, Update 13 (v3.2.185) or later for the 2024H2 release, or Update 7 (v3.5.90) or later for the 2025H1 release.

No other workarounds or mitigations are provided.

Useful 0 Not Useful 0