Information Disclosure Vulnerability in sudo-rs by Trifecta Tech Foundation
CVE-2025-46717

3.3LOW

Key Information:

Vendor: Trifectatechfoundation
Status: Sudo-rs
Vendor: CVE Published:; 12 May 2025

🔔 Create Trifectatechfoundation Vulnerability Alert

What is CVE-2025-46717?

sudo-rs is a memory-safe implementation of the sudo and su commands written in Rust. Prior to version 0.2.6, a design flaw allowed users with minimal or no sudo privileges to execute the command sudo --list <pathname>. This could result in unauthorized file existence queries, potentially revealing sensitive information about the file structure on the system. Such information could be exploited in conjunction with other attacks, making it crucial for users to upgrade to version 0.2.6 or later to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

sudo-rs < 0.2.6

References

https://github.com/trifectatechfoundation/sudo-rs/securit...

x_refsource_CONFIRM

https://github.com/trifectatechfoundation/sudo-rs/release...

x_refsource_MISC

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 12, 2025
Vulnerability Reserved
Apr 28, 2025

JSON

Trifectatechfoundation