CVE-2025-15336
Unknown Unknown - Not Provided
Incorrect Default Permissions in Tanium Performance Component

Publication date: 2026-02-05

Last updated on: 2026-02-10

Assigner: Tanium

Description
Tanium addressed an incorrect default permissions vulnerability in Performance.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-05
Last Modified
2026-02-10
Generated
2026-06-16
AI Q&A
2026-02-05
EPSS Evaluated
2026-06-15
NVD
CVE-2025-15336
EUVD
EUVD-2025-206849
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
tanium performance From 1.17.0 (inc) to 1.17.134 (exc)
tanium performance From 1.21.0 (inc) to 1.21.141 (exc)
tanium performance From 1.22.0 (inc) to 1.22.288 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-276 During installation, installed file permissions are set to allow anyone to modify those files.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-15336 is a medium severity vulnerability in multiple Tanium modules caused by incorrect default permissions.

It allows an authenticated Tanium user with certain service account or component management permissions to read and write all platform content.

This means that users who should have limited access can potentially access and modify sensitive data across the platform.

Impact Analysis

This vulnerability can compromise the confidentiality and integrity of all platform content within affected Tanium modules.

An authenticated user with specific permissions could read and modify sensitive data, potentially leading to unauthorized data exposure or alteration.

However, the vulnerability does not affect the availability of the platform.

Compliance Impact

I don't know

Detection Guidance

This vulnerability affects specific versions of Tanium modules including Benchmark, Comply, Discover, Partner Integration, Patch, and Performance prior to certain update versions.

Detection involves verifying the installed versions of these Tanium modules to see if they are prior to the fixed updates.

No specific commands or network detection methods are provided in the available information.

Mitigation Strategies

The only effective mitigation is to upgrade affected Tanium modules to the fixed versions.

  • For 2024H1 releases, upgrade to Update 23 or later.
  • For 2024H2 releases, upgrade to Update 12 or later.
  • For 2025H1 releases, upgrade to Update 6 or later.

No workarounds or alternative mitigations are available.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15336. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart