CVE-2025-15342
Unknown Unknown - Not Provided
Improper Access Control in Tanium Reputation Risks Unauthorized Access

Publication date: 2026-02-05

Last updated on: 2026-02-10

Assigner: Tanium

Description
Tanium addressed an improper access controls vulnerability in Reputation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-05
Last Modified
2026-02-10
Generated
2026-06-16
AI Q&A
2026-02-05
EPSS Evaluated
2026-06-15
NVD
CVE-2025-15342
EUVD
EUVD-2025-206850
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
tanium reputation From 6.3.0 (inc) to 6.3.227 (exc)
tanium reputation From 6.5.0 (inc) to 6.5.50 (exc)
tanium reputation From 6.6.0 (inc) to 6.6.72 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2025-15342 is an improper access control vulnerability in Tanium's Reputation component."}, {'type': 'paragraph', 'content': 'It allows an authenticated Tanium user who only has the "Reputation Read" permission to escalate their privileges and gain unauthorized read and write access to data beyond what they are supposed to access.'}, {'type': 'paragraph', 'content': 'This vulnerability affects multiple Tanium Reputation versions prior to certain updates released between 2024 and 2025.'}] [1]

Detection Guidance

I don't know

Impact Analysis

The vulnerability can impact you by allowing users with limited read-only permissions to escalate their privileges and gain unauthorized read and write access to sensitive data.

This could lead to unauthorized modification or exposure of data within the Tanium Reputation component.

Since the vulnerability requires an authenticated user with some permissions, it could be exploited internally or by compromised accounts.

Compliance Impact

I don't know

Mitigation Strategies

To mitigate CVE-2025-15342, you should upgrade Tanium Reputation to the fixed versions: Update 23 (v6.3.227) or later for 2024H1 releases, Update 12 (v6.5.50) or later for 2024H2 releases, and Update 6 (v6.6.72) or later for 2025H1 releases.

No workarounds or alternative mitigations are available, so applying the updates is the only effective immediate step.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15342. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart