Sudo Command Execution Flaw in Sudo Before Version 1.9.17p1
CVE-2025-32462

2.8LOW

Key Information:

Vendor: Sudo Project
Status: Sudo
Vendor: CVE Published:; 30 June 2025

🔔 Create Sudo Project Vulnerability Alert

Badges

📰 News Worthy

What is CVE-2025-32462?

The vulnerability in Sudo prior to version 1.9.17p1 allows users listed in a sudoers file to execute commands on unintended machines. This occurs when a sudoers configuration specifies a host that is neither the local machine nor encompasses all hosts (ALL), thereby exposing systems to potential unauthorized command execution. This issue underscores the importance of correctly configuring sudoers files to prevent unintended access and maintain system integrity.

Affected Version(s)

Sudo 1.8.8 < 1.9.17p1

News Articles

Help Net Security

CVE-2025-32462 CVE-2025-32463

Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463) - Help Net Security

If you haven't recently updated the Sudo utility on your Linux box(es), you should do so now, to patch CVE-2025-32462 and CVE-2025-32463.

14 hours ago

thmubnail image

References

https://www.sudo.ws/security/advisories/

https://www.sudo.ws/releases/changelog/

https://www.stratascale.com/vulnerability-alert-CVE-2025-...

CVSS V3.1

Score:

2.8

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered by Help Net Security
Jul 1, 2025
Vulnerability published
Jun 30, 2025
Vulnerability Reserved
Apr 9, 2025

.

CVE-2025-32462 : Sudo Command Execution Flaw in Sudo Before Version 1.9.17p1