CVE-2025-15341 is a vulnerability identified in Tanium Benchmark, a product used for endpoint management and security benchmarking. The issue stems from incorrect default permissions assigned within the software, which inadvertently grant excessive access rights to users with privileged accounts. Specifically, the vulnerability allows these users to read and modify sensitive data that should be restricted, thereby compromising confidentiality and integrity. The vulnerability does not affect system availability. The CVSS 3.1 vector (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N) indicates that the attack can be performed remotely over the network with low attack complexity but requires high-level privileges and no user interaction. Tanium Benchmark versions 2.7.0, 2.9.0, and 2.12.0 are affected. Although no public exploits have been reported, the presence of incorrect default permissions is a common vector for privilege escalation and data leakage in enterprise environments. Tanium has acknowledged the issue and addressed it, though patch links are not provided in the source data. Organizations relying on Tanium Benchmark for endpoint security should be aware that improper permissions could expose critical security data or allow unauthorized configuration changes, potentially undermining their security posture.

For European organizations, the vulnerability poses a risk primarily to the confidentiality and integrity of sensitive security and endpoint management data. Since Tanium Benchmark is often deployed in large enterprises and critical infrastructure sectors, unauthorized access could lead to exposure of security configurations, audit data, or benchmarking results, which attackers could leverage for further attacks or espionage. The requirement for privileged authentication limits the attack surface to insiders or compromised privileged accounts, but the remote network attack vector increases risk if such credentials are obtained. The lack of impact on availability reduces the likelihood of service disruption but does not diminish the potential damage from data compromise. European organizations in finance, energy, healthcare, and government sectors using affected versions should consider this vulnerability a significant risk to their security monitoring and compliance capabilities.

1. Apply vendor patches promptly once available to correct the default permission settings in Tanium Benchmark. 2. Conduct a thorough audit of user and administrative permissions within the Tanium Benchmark environment to ensure the principle of least privilege is enforced. 3. Restrict access to Tanium Benchmark management interfaces to a minimal set of trusted administrators and monitor privileged account activity closely. 4. Implement network segmentation and access controls to limit remote access to Tanium Benchmark servers. 5. Use multi-factor authentication for all privileged accounts to reduce the risk of credential compromise. 6. Regularly review and update security policies related to endpoint management tools to detect and respond to unusual access patterns. 7. Engage in proactive threat hunting and monitoring for signs of misuse of privileged accounts or attempts to exploit permission weaknesses.