CVE-2025-15342
Improper Access Control in Tanium Reputation Risks Unauthorized Access
Publication date: 2026-02-05
Last updated on: 2026-02-10
Assigner: Tanium
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tanium | reputation | From 6.3.0 (inc) to 6.3.227 (exc) |
| tanium | reputation | From 6.5.0 (inc) to 6.5.50 (exc) |
| tanium | reputation | From 6.6.0 (inc) to 6.6.72 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "CVE-2025-15342 is an improper access control vulnerability in Tanium's Reputation component."}, {'type': 'paragraph', 'content': 'It allows an authenticated Tanium user who only has the "Reputation Read" permission to escalate their privileges and gain unauthorized read and write access to data beyond what they are supposed to access.'}, {'type': 'paragraph', 'content': 'This vulnerability affects multiple Tanium Reputation versions prior to certain updates released between 2024 and 2025.'}] [1]
How can this vulnerability impact me? :
The vulnerability can impact you by allowing users with limited read-only permissions to escalate their privileges and gain unauthorized read and write access to sensitive data.
This could lead to unauthorized modification or exposure of data within the Tanium Reputation component.
Since the vulnerability requires an authenticated user with some permissions, it could be exploited internally or by compromised accounts.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
What immediate steps should I take to mitigate this vulnerability?
To mitigate CVE-2025-15342, you should upgrade Tanium Reputation to the fixed versions: Update 23 (v6.3.227) or later for 2024H1 releases, Update 12 (v6.5.50) or later for 2024H2 releases, and Update 6 (v6.6.72) or later for 2025H1 releases.
No workarounds or alternative mitigations are available, so applying the updates is the only effective immediate step.