CVE-2025-32462

Sažetak

Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.

Reference

https://www.openwall.com/lists/oss-security/2025/06/30/2
https://www.secpod.com/blog/sudo-lpe-vulnerabilities-resolved-what-you-need-to-know-about-cve-2025-32462-and-cve-2025-32463/
https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host
https://www.sudo.ws/releases/changelog/
https://www.sudo.ws/security/advisories/

CVSS

Base:	2.8
Impact:	1.4
Exploitability:	1.1

Pristup

Vektor	Složenost	Autentikacija
LOCAL	HIGH	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	LOW	NONE

CVSS vektor

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

Zadnje važnije ažuriranje

17-07-2025 - 15:56

Objavljeno

30-06-2025 - 21:15