Incorrect Default Permissions in Tanium Patch
CVE-2025-15337

6.5MEDIUM

Key Information:

Vendor: Tanium
Status: Patch
Vendor: CVE Published:; 5 February 2026

What is CVE-2025-15337?

An incorrect default permissions vulnerability in Tanium Patch allows unauthorized users to potentially access restricted functions or data. This flaw may lead to various unintended consequences, making it crucial for organizations utilizing Tanium Patch to assess their current security measures. By employing best practices, including regular updates and stringent permission settings, users can mitigate the risks associated with this vulnerability. For a detailed analysis, refer to the security advisory at TAN-2025-029.

Affected Version(s)

Patch 3.17.0 < 3.17.2300

Patch 3.19.0 < 3.19.232

Patch 3.24.0 < 3.24.137

References

https://security.tanium.com/TAN-2025-029

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 5, 2026
Vulnerability Reserved
Dec 29, 2025

CVE-2025-15337 Data

JSON