CVE-2025-15334 Overview
CVE-2025-15334 is an information disclosure vulnerability affecting Tanium Threat Response. This vulnerability arises from incorrect default permissions (CWE-276), which could allow an authenticated attacker with network access to gain unauthorized access to sensitive information within the Threat Response component.
Critical Impact
Authenticated attackers could exploit incorrect default permissions to access sensitive information that should otherwise be restricted, potentially exposing threat intelligence data, incident response configurations, or other protected assets within the Tanium environment.
Affected Products
- Tanium Threat Response (specific affected versions not disclosed)
Discovery Timeline
- 2026-02-05 - CVE-2025-15334 published to NVD
- 2026-02-05 - Last updated in NVD database
Technical Details for CVE-2025-15334
Vulnerability Analysis
This information disclosure vulnerability stems from incorrect default permissions within Tanium Threat Response. The weakness allows authenticated users with low privileges to access data they should not be permitted to view. The vulnerability requires network access and valid authentication credentials, but does not require user interaction to exploit.
The impact is limited to confidentiality exposure with no direct effect on system integrity or availability. Attackers could potentially access sensitive threat intelligence, detection rules, or incident response data stored within the Threat Response component.
Root Cause
The vulnerability is classified under CWE-276 (Incorrect Default Permissions). This weakness occurs when software sets insecure permissions during installation or configuration, providing broader access than intended to resources, files, or data objects. In this case, Tanium Threat Response's default permission configuration does not adequately restrict access to sensitive information, allowing low-privileged authenticated users to read data beyond their authorization level.
Attack Vector
The attack vector for CVE-2025-15334 is network-based, requiring the attacker to have authenticated access to the Tanium environment. Exploitation does not require user interaction and can be performed with low-privilege credentials. The attacker would leverage their authenticated session to access resources protected by insufficiently restrictive default permissions, potentially extracting sensitive information from the Threat Response module.
Since no verified proof-of-concept code is available for this vulnerability, specific exploitation techniques are not publicly documented. Organizations should refer to the Tanium Security Advisory TAN-2025-026 for detailed technical information and remediation guidance.
Detection Methods for CVE-2025-15334
Indicators of Compromise
- Unusual data access patterns from low-privileged accounts within Tanium Threat Response
- Unexpected queries or API calls attempting to access restricted threat intelligence data
- Audit log entries showing access to protected resources by unauthorized user accounts
- Anomalous session activity from authenticated users accessing data outside their normal scope
Detection Strategies
- Review Tanium audit logs for unauthorized access attempts to Threat Response data
- Monitor for unusual API activity patterns that may indicate information harvesting
- Implement user behavior analytics to detect abnormal data access by low-privileged accounts
- Configure alerts for access to sensitive Threat Response configurations or threat intelligence data
Monitoring Recommendations
- Enable comprehensive audit logging for all Tanium Threat Response access
- Implement real-time monitoring of permission changes within the Tanium environment
- Configure SIEM rules to correlate access patterns with user privilege levels
- Regularly review access control configurations and permission settings
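One way to correlate access patterns with user privilege levels, as recommended above. This is an added example, not code from Tanium or from the advisory. The JSON-lines export format, the field names (`user`, `role`, `resource`, `status`), the role names and the resource paths are all assumptions constructed for illustration.

```python
import json
from collections import defaultdict

# Assumed role -> allowed resource prefixes (hypothetical, not Tanium's role model).
ROLE_SCOPE = {
    "tr_admin": ("/threat-response",),
    "tr_analyst": ("/threat-response/alerts", "/threat-response/intel"),
    "read_only": ("/threat-response/alerts",),
}
HARVEST_THRESHOLD = 3  # distinct out-of-scope resources read by one user

# Constructed sample events (one JSON object per line); not real Tanium output.
SAMPLE_LOG = """
{"user":"alice","role":"tr_admin","resource":"/threat-response/config/exclusions","status":200}
{"user":"bob","role":"read_only","resource":"/threat-response/alerts/41","status":200}
{"user":"bob","role":"read_only","resource":"/threat-response/intel/feeds","status":200}
{"user":"bob","role":"read_only","resource":"/threat-response/config/exclusions","status":200}
{"user":"bob","role":"read_only","resource":"/threat-response/intel/signals/7","status":200}
{"user":"carol","role":"tr_analyst","resource":"/threat-response/config/exclusions","status":403}
{"user":"dave","role":"contractor","resource":"/threat-response/intel/feeds","status":200}
"""

def in_scope(role, resource):
    # Unknown roles get an empty scope, so the check fails closed.
    # Matching on whole path segments avoids "/alerts" matching "/alerts-archive".
    return any(resource == p or resource.startswith(p + "/")
               for p in ROLE_SCOPE.get(role, ()))

def analyze(log_text):
    """Return (exposures, denied, harvesters) for out-of-scope access."""
    exposures, denied = [], []
    seen = defaultdict(set)
    for line in filter(None, map(str.strip, log_text.splitlines())):
        ev = json.loads(line)
        if in_scope(ev["role"], ev["resource"]):
            continue
        if ev["status"] < 400:
            # The request succeeded although the role should not reach it:
            # the signature of an over-permissive default.
            exposures.append((ev["user"], ev["resource"]))
            seen[ev["user"]].add(ev["resource"])
        else:
            denied.append((ev["user"], ev["resource"]))
    harvesters = sorted(u for u, r in seen.items() if len(r) >= HARVEST_THRESHOLD)
    return exposures, denied, harvesters

if __name__ == "__main__":
    exposures, denied, harvesters = analyze(SAMPLE_LOG)
    for user, res in exposures:
        print(f"EXPOSED {user} -> {res}")
    print("denied:", denied, "harvesters:", harvesters)
```

Successful out-of-scope reads are the events that matter for a CWE-276 issue; denied requests show the access control working and are reported separately.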
How to Mitigate CVE-2025-15334
Immediate Actions Required
- Review the Tanium Security Advisory TAN-2025-026 for specific remediation steps
- Audit current permission settings within Tanium Threat Response
- Verify that user accounts have appropriate access levels based on role requirements
- Apply available security patches or updates from Tanium
Patch Information
Tanium has addressed this vulnerability as documented in Security Advisory TAN-2025-026. Organizations should consult this advisory for specific patch versions and update procedures. Contact Tanium support for access to the security update if not available through standard update channels.
Workarounds
- Implement the principle of least privilege for all Tanium user accounts pending patch deployment
- Review and tighten default permission settings within Threat Response configurations
- Restrict network access to Tanium infrastructure to authorized personnel only
- Monitor access logs closely for any suspicious activity until the patch is applied
Organizations should prioritize applying the official Tanium security update to fully remediate this vulnerability. The workarounds above provide temporary risk reduction but do not address the underlying permission configuration issue.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.


