PT-2025-27465 · Sudo
Rich Mirch · Published 2025-06-30 · Updated 2025-12-10
CVE-2025-32462
CVSS v3.1: 8.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Sudo versions 1.8.8 through 1.9.17
Description:
Sudo, a program that grants limited superuser privileges, contains a vulnerability caused by incorrect handling of the host (-h or --host) option. This flaw allows a local user to potentially escalate privileges by bypassing host restrictions when using the sudo command or sudoedit. The host option was intended only for listing privileges, but its use was not restricted to that case, so commands could be executed on machines the policy did not intend. The issue has existed for over 12 years.
Recommendations:
Upgrade to Sudo version 1.9.17p1 or later to address this vulnerability.
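A version check for the affected range stated above, added here as an example and not part of the original advisory. It parses the first line of `sudo -V` (the command name and output format are assumed), treats Sudo's `p<n>` patch suffix correctly so that 1.9.17 is flagged while 1.9.17p1 is not, and reports whether the installed build falls inside 1.8.8 through 1.9.17.

```python
import re
import subprocess

# Affected range and first fixed release, taken from the advisory text.
AFFECTED_MIN = "1.8.8"
AFFECTED_MAX = "1.9.17"   # inclusive; 1.9.17p1 is the first fixed release
FIXED = "1.9.17p1"

# Sudo versions look like 1.9.17 or 1.9.17p1 (patch level suffix "p<n>").
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def parse_sudo_version(text):
    """Extract a Sudo version from text such as 'Sudo version 1.9.17p1'.

    Returns (major, minor, patch, p) as a tuple; a missing 'p' suffix
    counts as p0, so 1.9.17 sorts before 1.9.17p1 as required.
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no sudo version found in: {text!r}")
    major, minor, patch, p = m.groups()
    return (int(major), int(minor), int(patch), int(p or 0))


def is_affected(version_text):
    """True when the version lies in the advisory's affected range."""
    v = parse_sudo_version(version_text)
    return parse_sudo_version(AFFECTED_MIN) <= v <= parse_sudo_version(AFFECTED_MAX)


def installed_sudo_version():
    """Return the first line of `sudo -V`, which needs no privileges."""
    out = subprocess.run(["sudo", "-V"], capture_output=True,
                         text=True, check=True).stdout
    return out.splitlines()[0]


if __name__ == "__main__":
    try:
        line = installed_sudo_version()
    except (OSError, subprocess.CalledProcessError) as exc:
        raise SystemExit(f"could not run sudo -V: {exc}")
    verdict = f"AFFECTED, upgrade to {FIXED}" if is_affected(line) else "not affected"
    print(f"{line} -> {verdict}")
```

Distribution packages often backport the fix without changing the version string, so on a vendor build treat a match as a prompt to check the corresponding advisory in the Related Identifiers list rather than as a final answer.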

Tags: Exploit · Fix · LPE
Weakness Enumeration: Incorrect Authorization

Related Identifiers

ALSA-2025:10110
ALSA-2025:11537
ALSA-2025:9978
ALT-PU-2025-8812
ALT-PU-2025-8851
ALT-PU-2025-8863
AZL-64449
AZL-64461
BDU:2025-08356
CESA-2025_10110
CVE-2025-32462
DLA-4235-1
DSA-5954-1
ECHO-7021-C433-F22C
INFSA-2025_10110
INFSA-2025_9978
MGASA-2025-0213
OESA-2025-1733
OESA-2025-1734
OESA-2025-1735
OESA-2025-1736
OESA-2025-1737
OESA-2025-1759
OPENSUSE-SU-2025:15298-1
RHSA-2025:10110
RHSA-2025:10383
RHSA-2025:10518
RHSA-2025:10520
RHSA-2025:10707
RHSA-2025:10779
RHSA-2025:10835
RHSA-2025:10836
RHSA-2025:10871
RHSA-2025:11537
RHSA-2025:9978
RHSA-2025_10110
RHSA-2025_9978
SUSE-SU-2025:02174-1
SUSE-SU-2025:02175-1
SUSE-SU-2025:02177-1
SUSE-SU-2025:02178-1
SUSE-SU-2025:02179-1
SUSE-SU-2025:20478-1
SUSE-SU-2025:20489-1
SUSE-SU-2025_02174-1
SUSE-SU-2025_02175-1
SUSE-SU-2025_02177-1
SUSE-SU-2025_02178-1
SUSE-SU-2025_02179-1
USN-7604-1
USN-7604-2

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Apple macOS
Red Hat
RED OS
Rocky Linux
Sudo
SUSE
Ubuntu