CVE-2025-15334
Unknown Unknown - Not Provided

Information Disclosure Vulnerability in Tanium Threat Response

Vulnerability report for CVE-2025-15334, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-05

Last updated on: 2026-02-10

Assigner: Tanium

Description

Tanium addressed an information disclosure vulnerability in Threat Response.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-05
Last Modified
2026-02-10
Generated
2026-07-06
AI Q&A
2026-02-05
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
tanium threat_response From 4.5.0 (inc) to 4.5.266 (exc)
tanium threat_response From 4.6.0 (inc) to 4.6.536 (exc)
tanium threat_response From 4.9.0 (inc) to 4.9.324 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-276 During installation, installed file permissions are set to allow anyone to modify those files.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2025-15334 is an information disclosure vulnerability in Tanium Threat Response. It allows an authenticated user with the "Threat Response Response Actions - Read" permission to gain unauthorized read-only access to data beyond their intended scope.'}, {'type': 'paragraph', 'content': 'This means that users who should only have limited read access can potentially view additional sensitive information that they are not authorized to see.'}] [1]

Impact Analysis

The vulnerability can lead to unauthorized disclosure of sensitive information within Tanium Threat Response. Users with certain read permissions might access data they should not be able to see, potentially exposing confidential or sensitive organizational information.

This could increase the risk of data leaks, insider threats, or misuse of information, impacting the security posture of an organization.

Compliance Impact

I don't know

Detection Guidance

This vulnerability allows an authenticated Tanium user with specific permissions to gain unauthorized read-only access to data beyond their intended scope.

There are no specific detection commands or network/system detection methods provided for this vulnerability.

Mitigation Strategies

The vulnerability is resolved by updating Tanium Threat Response to the fixed versions: Update 22 (v4.5.266) in the 2024H1 release, Update 11 (v4.6.536) in the 2024H2 release, or Update 5 (v4.9.324) in the 2025H1 release, or any later versions.

No workarounds or other mitigations are available.

Therefore, the immediate step is to apply the appropriate update to your Tanium Threat Response installation.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15334. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart