Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2025-15334 is an information disclosure vulnerability in Tanium Threat Response. It allows an authenticated user with the "Threat Response Response Actions - Read" permission to gain unauthorized read-only access to data beyond their intended scope.'}, {'type': 'paragraph', 'content': 'This means that users who should only have limited read access can potentially view additional sensitive information that they are not authorized to see.'}] [1]

Useful 0 Not Useful 0

Impact Analysis

The vulnerability can lead to unauthorized disclosure of sensitive information within Tanium Threat Response. Users with certain read permissions might access data they should not be able to see, potentially exposing confidential or sensitive organizational information.

This could increase the risk of data leaks, insider threats, or misuse of information, impacting the security posture of an organization.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

This vulnerability allows an authenticated Tanium user with specific permissions to gain unauthorized read-only access to data beyond their intended scope.

There are no specific detection commands or network/system detection methods provided for this vulnerability.

Useful 0 Not Useful 0

Mitigation Strategies

The vulnerability is resolved by updating Tanium Threat Response to the fixed versions: Update 22 (v4.5.266) in the 2024H1 release, Update 11 (v4.6.536) in the 2024H2 release, or Update 5 (v4.9.324) in the 2025H1 release, or any later versions.

No workarounds or other mitigations are available.

Therefore, the immediate step is to apply the appropriate update to your Tanium Threat Response installation.

Useful 0 Not Useful 0