{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-32462", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-11-03T19:53:32.346Z", "dateReserved": "2025-04-09T00:00:00.000Z", "datePublished": "2025-06-30T00:00:00.000Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Sudo", "vendor": "Sudo project", "versions": [{"lessThan": "1.9.17p1", "status": "affected", "version": "1.8.8", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-07-25T14:10:01.237Z"}, "references": [{"url": "https://www.sudo.ws/security/advisories/"}, {"url": "https://www.sudo.ws/releases/changelog/"}, {"url": "https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host"}, {"url": "https://www.openwall.com/lists/oss-security/2025/06/30/2"}, {"url": "https://ubuntu.com/security/notices/USN-7604-1"}, {"url": "https://www.secpod.com/blog/sudo-lpe-vulnerabilities-resolved-what-you-need-to-know-about-cve-2025-32462-and-cve-2025-32463/"}, {"url": "https://www.sudo.ws/security/advisories/host_any/"}, {"url": "https://lists.debian.org/debian-security-announce/2025/msg00118.html"}, {"url": "https://explore.alas.aws.amazon.com/CVE-2025-32462.html"}, {"url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2025-32462"}, {"url": "https://security-tracker.debian.org/tracker/CVE-2025-32462"}, {"url": "https://www.suse.com/security/cve/CVE-2025-32462.html"}, {"url": "https://access.redhat.com/security/cve/cve-2025-32462"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 2.8, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N"}}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.8.8", "versionEndExcluding": "1.9.17p1"}]}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-01T13:25:34.777689Z", "id": "CVE-2025-32462", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-01T13:25:41.728Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00033.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T19:53:32.346Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00033.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T19:53:32.346Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-32462", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-01T13:25:34.777689Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-01T13:25:39.409Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 2.8, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N"}}], "affected": [{"vendor": "Sudo project", "product": "Sudo", "versions": [{"status": "affected", "version": "1.8.8", "lessThan": "1.9.17p1", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.sudo.ws/security/advisories/"}, {"url": "https://www.sudo.ws/releases/changelog/"}, {"url": "https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host"}, {"url": "https://www.openwall.com/lists/oss-security/2025/06/30/2"}, {"url": "https://ubuntu.com/security/notices/USN-7604-1"}, {"url": "https://www.secpod.com/blog/sudo-lpe-vulnerabilities-resolved-what-you-need-to-know-about-cve-2025-32462-and-cve-2025-32463/"}, {"url": "https://www.sudo.ws/security/advisories/host_any/"}, {"url": "https://lists.debian.org/debian-security-announce/2025/msg00118.html"}, {"url": "https://explore.alas.aws.amazon.com/CVE-2025-32462.html"}, {"url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2025-32462"}, {"url": "https://security-tracker.debian.org/tracker/CVE-2025-32462"}, {"url": "https://www.suse.com/security/cve/CVE-2025-32462.html"}, {"url": "https://access.redhat.com/security/cve/cve-2025-32462"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "descriptions": [{"lang": "en", "value": "Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "1.9.17p1", "versionStartIncluding": "1.8.8"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-07-25T14:10:01.237Z"}}}, "cveMetadata": {"cveId": "CVE-2025-32462", "state": "PUBLISHED", "dateUpdated": "2025-11-03T19:53:32.346Z", "dateReserved": "2025-04-09T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-06-30T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*", "matchCriteriaId": "F87EA85C-7218-4B4A-BEDD-3E659E0F1844", "versionEndExcluding": "1.9.17", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.9.17:-:*:*:*:*:*:*", "matchCriteriaId": "B563C690-EE9A-437C-9410-54209F82F827", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines."}, {"lang": "es", "value": "Sudo anterior a 1.9.17p1, cuando se usa con un archivo sudoers que especifica un host que no es ni el host actual ni ALL, permite a los usuarios enumerados ejecutar comandos en m\u00e1quinas no deseadas."}], "id": "CVE-2025-32462", "lastModified": "2025-11-03T20:18:27.727", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.8, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.1, "impactScore": 1.4, "source": "cve@mitre.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-06-30T21:15:30.080", "references": [{"source": "cve@mitre.org", "url": "https://access.redhat.com/security/cve/cve-2025-32462"}, {"source": "cve@mitre.org", "url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2025-32462"}, {"source": "cve@mitre.org", "url": "https://explore.alas.aws.amazon.com/CVE-2025-32462.html"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-security-announce/2025/msg00118.html"}, {"source": "cve@mitre.org", "url": "https://security-tracker.debian.org/tracker/CVE-2025-32462"}, {"source": "cve@mitre.org", "url": "https://ubuntu.com/security/notices/USN-7604-1"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2025/06/30/2"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.secpod.com/blog/sudo-lpe-vulnerabilities-resolved-what-you-need-to-know-about-cve-2025-32462-and-cve-2025-32463/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://www.sudo.ws/releases/changelog/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.sudo.ws/security/advisories/"}, {"source": "cve@mitre.org", "url": "https://www.sudo.ws/security/advisories/host_any/"}, {"source": "cve@mitre.org", "url": "https://www.suse.com/security/cve/CVE-2025-32462.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00033.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "cve@mitre.org", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:10110", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "sudo-0:1.9.5p2-1.el8_10.1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-07-01T00:00:00Z"}, {"advisory": "RHSA-2025:10518", "cpe": "cpe:/o:redhat:rhel_aus:8.2", "package": "sudo-0:1.8.29-5.el8_2.3", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10383", "cpe": "cpe:/o:redhat:rhel_aus:8.4", "package": "sudo-0:1.8.29-7.el8_4.3", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10383", "cpe": "cpe:/o:redhat:rhel_eus_long_life:8.4", "package": "sudo-0:1.8.29-7.el8_4.3", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support EXTENSION", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10520", "cpe": "cpe:/o:redhat:rhel_aus:8.6", "package": "sudo-0:1.9.5p2-1.el8_6.1", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10520", "cpe": "cpe:/o:redhat:rhel_tus:8.6", "package": "sudo-0:1.9.5p2-1.el8_6.1", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10520", "cpe": "cpe:/o:redhat:rhel_e4s:8.6", "package": "sudo-0:1.9.5p2-1.el8_6.1", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:9978", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "sudo-0:1.9.5p2-10.el9_6.1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-06-30T00:00:00Z"}, {"advisory": "RHSA-2025:9978", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "sudo-0:1.9.5p2-10.el9_6.1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-06-30T00:00:00Z"}, {"advisory": "RHSA-2025:10707", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "sudo-0:1.9.5p2-10.el9_4.1", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-07-09T00:00:00Z"}], "bugzilla": {"description": "sudo: LPE via host option", "id": "2374692", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374692"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-863", "details": ["Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.", "A privilege escalation vulnerability was found in Sudo. In certain configurations, unauthorized users can gain elevated system privileges via the Sudo host option (`-h` or `--host`). When using the default sudo security policy plugin (sudoers), the host option is intended to be used in conjunction with the list option (`-l` or `--list`) to determine what permissions a user has on a different system. However, this restriction can be bypassed, allowing a user to elevate their privileges on one system to the privileges they may have on a different system, effectively ignoring the host identifier in any sudoers rules. This vulnerability is particularly impactful for systems that share a single sudoers configuration file across multiple computers or use network-based user directories, such as LDAP, to provide sudoers rules on a system."], "mitigation": {"lang": "en:us", "value": "For environments using sudoers files: Remove rules defined in sudoers files that are for any system other than the local system.\nFor environments using LDAP: Use a narrow-scoped search path in the SSSD configuration so rules that don\u2019t apply to a system are not included in the LDAP query results."}, "name": "CVE-2025-32462", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "sudo", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "sudo", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "sudo", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2025-06-30T14:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-32462\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-32462\nhttps://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host\nhttps://www.sudo.ws/security/advisories/host_any/"], "statement": "This vulnerability is classified as a Local Privilege Escalation (LPE), meaning an attacker needs an authenticated account before they could exploit it. Due to this restriction, the severity is rated Important. Additionally, for a system to be vulnerable, it must already be in a non-default configuration.\nThe system\u2019s sudoers file must contain rules that define that user\u2019s privileges on a different system. There are multiple mechanisms a system administrator could use to distribute sudoers rules, such as LDAP, Ansible playbooks, or via inclusion in a \u201cGolden Image,\u201d and therefore may be affected by this vulnerability. In environments using LDAP to manage sudoers files, look for sudoRoles objects that use sudoHost values to manage different levels of user privliges across multiple systems.\nIn situations where host A\u2019s sudoers rules include permissions defined for another host B, a user on host A could use the privileges granted to them on host B while logged into host A. For example, a sudoers file on hostA and hostB might include the following rules:\n```\nAlicehostA = ALL\nBobhostB = ALL\n```\nIf Bob logs into hostA and runs `sudo some command`, Sudo will check that Bob has permission to run `some command` on hostA. Since Bob does NOT have that privilege on hostA, Sudo will deny the requested command.\nHowever, the local Sudo rules on hostA can be bypassed if Bob logs into hostA and runs `sudo -h hostB some command`. In this case, Sudo will verify that Bob has permission to run `some command` on hostB. Since Bob does have that privilege, Sudo will run the requested command on hostA, where Bob is currently logged in.", "threat_severity": "Important"}

{}