CVE-2025-32462: Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute...

2.8 CVSS

Description

Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.

Classification

CVE ID: CVE-2025-32462

CVSS Base Severity: LOW

CVSS Base Score: 2.8

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

Problem Types

CWE-863 Incorrect Authorization

Affected Products

Vendor: Sudo project

Product: Sudo

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.24% (probability of being exploited)

EPSS Percentile: 47.33% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-07-15 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-32462
https://www.sudo.ws/security/advisories/
https://www.sudo.ws/releases/changelog/
https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host
https://www.openwall.com/lists/oss-security/2025/06/30/2
