CVE-2025-15333: Incorrect Default Permissions in Tanium Threat Response
Tanium addressed an information disclosure vulnerability in Threat Response.
AI Analysis
Technical Summary
CVE-2025-15333 is an information disclosure vulnerability identified in Tanium Threat Response, a security product used for endpoint detection and response. The vulnerability arises from incorrect default permissions configured in versions 4.5.0, 4.6.0, and 4.9.0, which inadvertently allow users with limited privileges (PR:L) to access sensitive information without requiring user interaction (UI:N). The CVSS v3.1 base score is 4.3, reflecting a medium severity level, with the attack vector being network-based (AV:N) and low attack complexity (AC:L). The scope is unchanged (S:U), and the impact is limited to confidentiality (C:L), with no impact on integrity or availability. This means an attacker who can authenticate with low privileges could potentially retrieve sensitive data that should be restricted, possibly exposing internal system details or security telemetry. No known exploits have been reported in the wild, and Tanium has acknowledged and addressed the issue, although specific patch details are not provided in the data. The vulnerability underscores the importance of secure default configurations in security tools, as misconfigurations can undermine the protection these tools are meant to provide. Organizations relying on Tanium Threat Response should verify their current version and permissions settings to ensure no unauthorized data exposure is possible.
Potential Impact
For European organizations, this vulnerability could lead to unauthorized disclosure of sensitive information collected or managed by Tanium Threat Response. Since the product is often deployed in enterprise environments for endpoint security and incident response, exposure of such data could aid attackers in reconnaissance or lateral movement within networks. The impact is primarily on confidentiality, with no direct effect on system integrity or availability. However, leaked information could include details about endpoints, security events, or configurations that adversaries might exploit. Organizations in sectors with high regulatory requirements for data protection, such as finance, healthcare, and critical infrastructure, could face compliance risks if sensitive data is exposed. The medium severity rating suggests that while the risk is not critical, it is significant enough to warrant timely remediation to prevent potential escalation or exploitation. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially if attackers develop techniques to leverage this vulnerability.
Mitigation Recommendations
1. Immediately audit and review the default permissions configured in Tanium Threat Response installations, focusing on user roles and access controls to ensure least privilege principles are enforced.
2. Apply any available patches or updates from Tanium as soon as they are released to address this vulnerability directly.
3. Restrict network access to the Tanium Threat Response management interfaces to trusted administrators only, using network segmentation and firewall rules.
4. Implement strong authentication mechanisms and monitor privileged account usage for unusual activity.
5. Conduct regular security assessments and penetration tests to verify that no unauthorized information disclosure is possible.
6. Educate security teams about the vulnerability and ensure incident response plans include steps to handle potential information leakage scenarios.
7. If immediate patching is not possible, consider temporary compensating controls such as disabling affected features or limiting user access until remediation is complete.
Affected Countries
Germany, United Kingdom, France, Netherlands, Sweden, Italy
Technical Details
- Data Version: 5.2
- Assigner Short Name: Tanium
- Date Reserved: 2025-12-29T23:13:32.432Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69859ff7f9fa50a62fe9e828
Added to database: 2/6/2026, 8:01:59 AM
Last enriched: 2/6/2026, 8:06:30 AM
Last updated: 2/7/2026, 6:19:05 AM