Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2025-15329 is an information disclosure vulnerability in Tanium Threat Response. It allows an authenticated user who has the "Threat Response Configs - Read" permission to gain unauthorized read-only access to data beyond what they are normally allowed to see.'}, {'type': 'paragraph', 'content': 'This vulnerability affects versions of Threat Response prior to 4.9.297, 4.6.518, and 4.5.250, and it has been fixed in these versions and later.'}] [1]

Useful 0 Not Useful 0

Impact Analysis

The vulnerability can lead to unauthorized disclosure of sensitive information because users with certain read permissions can access data beyond their intended scope.

This could result in exposure of confidential or sensitive data, potentially leading to privacy breaches or information leakage within an organization.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability allows an authenticated Tanium user with the "Threat Response Configs - Read" permission to gain unauthorized read-only access to data beyond their intended scope.'}, {'type': 'paragraph', 'content': 'Detection would involve verifying if any user with this permission is accessing data outside their authorized scope.'}, {'type': 'paragraph', 'content': 'However, no specific detection commands or network/system detection methods are provided.'}] [1]

Useful 0 Not Useful 0

Mitigation Strategies

The vulnerability is addressed in Tanium Threat Response versions 4.9.297, 4.6.518, and 4.5.250 and later.

Immediate mitigation involves upgrading to one of these fixed versions or later.

No other workarounds or mitigations are available.

Useful 0 Not Useful 0