CVE-2025-15340 is a vulnerability identified in Tanium Comply, a widely used endpoint compliance and risk management solution. The issue stems from incorrect default permissions assigned within the product, which can inadvertently grant users with high privileges access to sensitive information or capabilities beyond their intended scope. Specifically, the vulnerability affects versions 2.24.0, 2.29.0, and 2.32.0 of Tanium Comply. The CVSS 3.1 base score is 6.5, indicating a medium severity level. The vector string (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N) reveals that the attack can be performed remotely over the network with low attack complexity but requires the attacker to have high privileges on the system. No user interaction is needed, and the scope remains unchanged, meaning the impact is confined to the vulnerable component. The vulnerability primarily compromises confidentiality and integrity by allowing unauthorized access or modification of sensitive compliance data, but it does not affect system availability. Tanium has addressed this issue, though no public exploit code or active exploitation has been reported to date. Organizations relying on Tanium Comply for compliance monitoring and endpoint security should be aware that improper permission settings can lead to data leaks or unauthorized configuration changes, potentially undermining compliance efforts and security posture.

For European organizations, this vulnerability poses a risk to the confidentiality and integrity of compliance and endpoint management data. Tanium Comply is often deployed in large enterprises and critical infrastructure sectors such as finance, healthcare, and government agencies, where compliance data is sensitive and tightly regulated under frameworks like GDPR. Unauthorized access due to incorrect default permissions could lead to exposure of sensitive compliance reports, misconfiguration of endpoint policies, or unauthorized data modification, potentially resulting in regulatory non-compliance, reputational damage, and operational risks. Although exploitation requires high privileges, insider threats or compromised administrative accounts could leverage this vulnerability to escalate their access or exfiltrate data. The absence of availability impact reduces the risk of service disruption but does not diminish the seriousness of data confidentiality breaches. Given the medium severity and the nature of the affected product, organizations should consider this vulnerability a significant risk in their compliance and endpoint security environments.

To mitigate CVE-2025-15340, European organizations should first identify all instances of Tanium Comply running vulnerable versions (2.24.0, 2.29.0, 2.32.0). Immediate steps include reviewing and tightening permission configurations to ensure that only authorized users have high privileges. Organizations should apply any available patches or updates from Tanium as soon as they are released. In the absence of patches, implement compensating controls such as network segmentation to limit access to Tanium Comply servers, enhanced monitoring and logging of administrative actions, and strict access control policies for privileged accounts. Regular audits of user permissions and role assignments can help detect and prevent privilege creep. Additionally, employing multi-factor authentication (MFA) for administrative access reduces the risk of credential compromise. Security teams should also conduct internal penetration testing and vulnerability assessments focused on Tanium Comply deployments to verify the effectiveness of mitigations.