Skip to content

TAN-2025-025

Tanium addressed an information disclosure vulnerability in Threat Response.

Severity: Medium

Base Score: 4.3

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Impact

This vulnerability could allow an authenticated Tanium user with the "Threat Response Sources - Write" permission to gain read-only access to data they should not have access to.

Products Affected

2024H1 Release:

  • Threat Response prior to Update 22 (v4.5.266).

2024H2 Release:

  • Threat Response prior to Update 11 (v4.6.536).

2025H1 Release:

  • Threat Response prior to Update 5 (v4.9.324).

Available Updates

2024H1 Release:

  • Update 22 (Threat Response v4.5.266) and later.

2024H2 Release:

  • Update 11 (Threat Response v4.6.536) and later.

2025H1 Release:

  • Update 5 (Threat Response v4.9.324) and later.

Workaround and Mitigations

None.

Acknowledgements

Tanium would like to thank Filip Waeytens, Frank Lycops, Jean-Michel Huguet, Jorge Escabias and Justin Hocquel from the NCIA/NCSC for responsibly reporting this issue.