CVE-2025-15330 – Tanium Deploy Improper Access Control Vulnerability
“A weakness in Tanium Deploy could allow attackers to bypass security checks and interfere with enterprise software deployment systems. If exploited, it could expose sensitive management functions that control how software is distributed across the network.”
Tanium released a security update addressing a vulnerability in Tanium Deploy, the platform used to manage and automate software deployments across enterprise endpoints. The issue affects how certain access controls are enforced within the deployment management functions. If left unpatched, an attacker could exploit the weakness to interact with restricted deployment features.
CVE-2025-15330 carries a CVSS v3.1 score of 8.8 (High). The vulnerability stems from improper access control validation that may allow unauthorized users to perform actions within the deployment environment. Successful exploitation could allow attackers to manipulate deployment processes, potentially affecting the integrity of software distributed across managed systems.
Tanium addressed the issue through a security update that strengthens authentication and access control checks within affected Deploy components. No verified real-world exploitation or confirmed public proof-of-concept code has been reported for this vulnerability.
Key Details
- Affected Product: Tanium Deploy
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- CWE Classification: CWE-862