Sudo Command Execution Flaw in Sudo Before Version 1.9.17p1
CVE-2025-32462

2.8 LOW

Key Information:

Status
Vendor
CVE Published: 30 June 2025

Badges

📰 News Worthy

What is CVE-2025-32462?

Sudo before version 1.9.17p1 allows users listed in a sudoers file to execute commands on unintended machines. This occurs when a sudoers configuration specifies a host that is neither the current host nor ALL, which exposes systems to potential unauthorized command execution. The issue underscores the importance of correctly configuring sudoers files to prevent unintended access and maintain system integrity.

Affected Version(s)

Sudo 1.8.8 < 1.9.17p1

News Articles

Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463) - Help Net Security

If you haven't recently updated the Sudo utility on your Linux box(es), you should do so now, to patch CVE-2025-32462 and CVE-2025-32463.

14 hours ago

CVSS V3.1

Score: 2.8
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • 📰 First article discovered by Help Net Security

  • Vulnerability published

  • Vulnerability Reserved
