Memory Leak Vulnerability in sudo-rs Implementation by Trifecta Tech Foundation
CVE-2025-64170

3.8 LOW

Key Information:

Status
Vendor
CVE Published: 12 November 2025

What is CVE-2025-64170?

sudo-rs, a secure implementation of sudo and su, contains a vulnerability that affects users' password security. If a user starts typing a password but waits too long before pressing return, a password timeout occurs. When that happens, the keystrokes already entered are echoed back to the console, potentially exposing partial password information. The exposed information can be misused by attackers through history files and in social engineering or pass-by attacks. The vulnerability has been addressed in version 0.2.10, so affected installations should be updated.

Affected Version(s)

sudo-rs >= 0.2.7, < 0.2.10

References

CVSS V3.1

Score: 3.8
Severity: LOW
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Physical
Attack Complexity: High
Privileges Required: High
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
