Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2025-15332 is an information disclosure vulnerability in Tanium Threat Response. It allows an authenticated user with the "Threat Response Audit - Read" permission to access data beyond their authorized scope in a read-only manner.'}, {'type': 'paragraph', 'content': 'This flaw affects versions of Threat Response prior to 4.9.297, 4.6.518, and 4.5.250, and has been fixed in these versions and later.'}] [1]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to unauthorized disclosure of sensitive information to users who should not have access to it, potentially exposing confidential data.

Since the access is read-only, it does not allow modification or disruption of data, but the confidentiality of information is compromised.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

There are no specific detection commands or methods provided to identify this vulnerability on your network or system.

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability, you should upgrade Tanium Threat Response to version 4.9.297, 4.6.518, 4.5.250 or later, as these versions have addressed the issue.

There are no available workarounds or other mitigations.

Useful 0 Not Useful 0