CVE-2025-15329
Information Disclosure Vulnerability in Tanium Threat Response
Publication date: 2026-02-05
Last updated on: 2026-02-10
Assigner: Tanium
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tanium | threat_response | From 4.5.0 (inc) to 4.5.250 (exc) |
| tanium | threat_response | From 4.6.0 (inc) to 4.6.518 (exc) |
| tanium | threat_response | From 4.9.0 (inc) to 4.9.297 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-201 | The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2025-15329 is an information disclosure vulnerability in Tanium Threat Response. It allows an authenticated user who has the "Threat Response Configs - Read" permission to gain unauthorized read-only access to data beyond what they are normally allowed to see.'}, {'type': 'paragraph', 'content': 'This vulnerability affects versions of Threat Response prior to 4.9.297, 4.6.518, and 4.5.250, and it has been fixed in these versions and later.'}] [1]
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized disclosure of sensitive information because users with certain read permissions can access data beyond their intended scope.
This could result in exposure of confidential or sensitive data, potentially leading to privacy breaches or information leakage within an organization.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability allows an authenticated Tanium user with the "Threat Response Configs - Read" permission to gain unauthorized read-only access to data beyond their intended scope.'}, {'type': 'paragraph', 'content': 'Detection would involve verifying if any user with this permission is accessing data outside their authorized scope.'}, {'type': 'paragraph', 'content': 'However, no specific detection commands or network/system detection methods are provided.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is addressed in Tanium Threat Response versions 4.9.297, 4.6.518, and 4.5.250 and later.
Immediate mitigation involves upgrading to one of these fixed versions or later.
No other workarounds or mitigations are available.