CVE-2025-32462

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-32462
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.

2.8 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.1 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://access.redhat.com/security/cve/cve-2025-32462
https://bugs.gentoo.org/show_bug.cgi?id=CVE-2025-32462
https://explore.alas.aws.amazon.com/CVE-2025-32462.html
https://lists.debian.org/debian-security-announce/2025/msg00118.html
https://security-tracker.debian.org/tracker/CVE-2025-32462
https://ubuntu.com/security/notices/USN-7604-1
https://www.openwall.com/lists/oss-security/2025/06/30/2 Mailing List Third Party Advisory
https://www.secpod.com/blog/sudo-lpe-vulnerabilities-resolved-what-you-need-to-know-about-cve-2025-32462-and-cve-2025-32463/ Third Party Advisory
https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host Exploit Third Party Advisory
https://www.sudo.ws/releases/changelog/ Release Notes
https://www.sudo.ws/security/advisories/ Vendor Advisory
https://www.sudo.ws/security/advisories/host_any/
https://www.suse.com/security/cve/CVE-2025-32462.html
https://lists.debian.org/debian-lts-announce/2025/06/msg00033.html
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*
cpe:2.3:a:sudo_project:sudo:1.9.17:-:*:*:*:*:*:*
History

03 Nov 2025, 20:18

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2025/06/msg00033.html -

25 Jul 2025, 15:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/security/cve/cve-2025-32462 -
  • () https://bugs.gentoo.org/show_bug.cgi?id=CVE-2025-32462 -
  • () https://explore.alas.aws.amazon.com/CVE-2025-32462.html -
  • () https://lists.debian.org/debian-security-announce/2025/msg00118.html -
  • () https://security-tracker.debian.org/tracker/CVE-2025-32462 -
  • () https://ubuntu.com/security/notices/USN-7604-1 -
  • () https://www.suse.com/security/cve/CVE-2025-32462.html -

19 Jul 2025, 03:15

Type Values Removed Values Added
References
  • () https://www.sudo.ws/security/advisories/host_any/ -

17 Jul 2025, 15:56

Type Values Removed Values Added
References () https://www.openwall.com/lists/oss-security/2025/06/30/2 - () https://www.openwall.com/lists/oss-security/2025/06/30/2 - Mailing List, Third Party Advisory
References () https://www.secpod.com/blog/sudo-lpe-vulnerabilities-resolved-what-you-need-to-know-about-cve-2025-32462-and-cve-2025-32463/ - () https://www.secpod.com/blog/sudo-lpe-vulnerabilities-resolved-what-you-need-to-know-about-cve-2025-32462-and-cve-2025-32463/ - Third Party Advisory
References () https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host - () https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host - Exploit, Third Party Advisory
References () https://www.sudo.ws/releases/changelog/ - () https://www.sudo.ws/releases/changelog/ - Release Notes
References () https://www.sudo.ws/security/advisories/ - () https://www.sudo.ws/security/advisories/ - Vendor Advisory
First Time Sudo Project
Sudo Project sudo
CPE cpe:2.3:a:sudo_project:sudo:1.9.17:-:*:*:*:*:*:*
cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*

09 Jul 2025, 18:15

Type Values Removed Values Added
References
  • () https://www.secpod.com/blog/sudo-lpe-vulnerabilities-resolved-what-you-need-to-know-about-cve-2025-32462-and-cve-2025-32463/ -

03 Jul 2025, 15:14

Type Values Removed Values Added
Summary
  • (es) Sudo anterior a 1.9.17p1, cuando se usa con un archivo sudoers que especifica un host que no es ni el host actual ni ALL, permite a los usuarios enumerados ejecutar comandos en máquinas no deseadas.

30 Jun 2025, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-06-30 21:15

Updated : 2025-11-03 20:18

NVD link : CVE-2025-32462

Mitre link : CVE-2025-32462

CVE.ORG link : CVE-2025-32462

JSON object : View

Products Affected

sudo_project

  • sudo
CWE
CWE-863

Incorrect Authorization