{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-32462", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-06-30T20:24:14.558Z", "dateReserved": "2025-04-09T00:00:00.000Z", "datePublished": "2025-06-30T00:00:00.000Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Sudo", "vendor": "Sudo project", "versions": [{"lessThan": "1.9.17p1", "status": "affected", "version": "1.8.8", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-06-30T20:24:14.558Z"}, "references": [{"url": "https://www.sudo.ws/security/advisories/"}, {"url": "https://www.sudo.ws/releases/changelog/"}, {"url": "https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host"}, {"url": "https://www.openwall.com/lists/oss-security/2025/06/30/2"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 2.8, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N"}}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.8.8", "versionEndExcluding": "1.9.17p1"}]}]}]}}, "dataVersion": "5.1"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines."}], "id": "CVE-2025-32462", "lastModified": "2025-06-30T21:15:30.080", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.8, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.1, "impactScore": 1.4, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-06-30T21:15:30.080", "references": [{"source": "[email protected]", "url": "https://www.openwall.com/lists/oss-security/2025/06/30/2"}, {"source": "[email protected]", "url": "https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host"}, {"source": "[email protected]", "url": "https://www.sudo.ws/releases/changelog/"}, {"source": "[email protected]", "url": "https://www.sudo.ws/security/advisories/"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "[email protected]", "type": "Primary"}]}

{"bugzilla": {"description": "sudo: LPE via host option", "id": "2374692", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374692"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-863", "details": ["A privilege escalation vulnerability was found in Sudo. In certain configurations, unauthorized users can gain elevated system privileges via the Sudo host option (`-h` or `--host`). When using the default sudo security policy plugin (sudoers), the host option is intended to be used in conjunction with the list option (`-l` or `--list`) to determine what permissions a user has on a different system. However, this restriction can be bypassed, allowing a user to elevate their privileges on one system to the privileges they may have on a different system, effectively ignoring the host identifier in any sudoers rules. This vulnerability is particularly impactful for systems that share a single sudoers configuration file across multiple computers or use network-based user directories, such as LDAP, to provide sudoers rules on a system."], "mitigation": {"lang": "en:us", "value": "For environments using sudoers files: Remove rules defined in sudoers files that are for any system other than the local system.\nFor environments using LDAP: Use a narrow-scoped search path in the SSSD configuration so rules that don\u2019t apply to a system are not included in the LDAP query results."}, "name": "CVE-2025-32462", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "sudo", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "sudo", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "sudo", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "sudo", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "sudo", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2025-06-30T14:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-32462\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-32462\nhttps://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host\nhttps://www.sudo.ws/security/advisories/host_any/"], "statement": "The severity of this vulnerability is rated as Important, as two requirements are needed to exploit it, and one is not within the control of an attacker. The first requirement is having an authenticated account. Additionally, exploitation requires the system to already be in a non-default configuration and dependant on the additional rules present in the sudoers file.\nTo exploit this vulnerability on a system, an attacker must have access to an account on that system. Additionally, the system\u2019s sudoers file must contain rules that define that user\u2019s privileges on a different system. There are multiple mechanisms a system administrator could use to distribute sudoers rules, such as LDAP, Ansible playbooks, or via inclusion in a \u201cGolden Image,\u201d and therefore may be affected by this vulnerability. In environments using LDAP to manage sudoers files, look for sudoRoles objects that use sudoHost values to manage different levels of user privliges across multiple systems.\nIn situations where host A\u2019s sudoers rules include permissions defined for another host B, a user on host A could use the privileges granted to them on host B while logged into host A. For example, a sudoers file on hostA and hostB might include the following rules:\n```\nAlicehostA = ALL\nBobhostB = ALL\n```\nIf Bob logs into hostA and runs `sudo some command`, Sudo will check that Bob has permission to run `some command` on hostA. Since Bob does NOT have that privilege on hostA, Sudo will deny the requested command.\nHowever, the local Sudo rules on hostA can be bypassed if Bob logs into hostA and runs `sudo -h hostB some command`. In this case, Sudo will verify that Bob has permission to run `some command` on hostB. Since Bob does have that privilege, Sudo will run the requested command on hostA, where Bob is currently logged in.", "threat_severity": "Important"}