CVE-2025-15334
Information Disclosure Vulnerability in Tanium Threat Response
Publication date: 2026-02-05
Last updated on: 2026-02-10
Assigner: Tanium
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tanium | threat_response | From 4.5.0 (inc) to 4.5.266 (exc) |
| tanium | threat_response | From 4.6.0 (inc) to 4.6.536 (exc) |
| tanium | threat_response | From 4.9.0 (inc) to 4.9.324 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-276 | During installation, installed file permissions are set to allow anyone to modify those files. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2025-15334 is an information disclosure vulnerability in Tanium Threat Response. It allows an authenticated user with the "Threat Response Response Actions - Read" permission to gain unauthorized read-only access to data beyond their intended scope.'}, {'type': 'paragraph', 'content': 'This means that users who should only have limited read access can potentially view additional sensitive information that they are not authorized to see.'}] [1]
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized disclosure of sensitive information within Tanium Threat Response. Users with certain read permissions might access data they should not be able to see, potentially exposing confidential or sensitive organizational information.
This could increase the risk of data leaks, insider threats, or misuse of information, impacting the security posture of an organization.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability allows an authenticated Tanium user with specific permissions to gain unauthorized read-only access to data beyond their intended scope.
There are no specific detection commands or network/system detection methods provided for this vulnerability.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is resolved by updating Tanium Threat Response to the fixed versions: Update 22 (v4.5.266) in the 2024H1 release, Update 11 (v4.6.536) in the 2024H2 release, or Update 5 (v4.9.324) in the 2025H1 release, or any later versions.
No workarounds or other mitigations are available.
Therefore, the immediate step is to apply the appropriate update to your Tanium Threat Response installation.