CVE-2025-32462
published 2025-06-30

high, 8.8, CVSS 3.1
AV:L AC:L PR:L UI:N S:C C:H I:H A:H
EXPLOIT
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.

Affected

18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | macos_tahoe | | |
| debian | sudo | < sudo 1.9.13p3-1+deb12u2 (bookworm) | sudo 1.9.13p3-1+deb12u2 (bookworm) |
| msrc | azl3_sudo_1.9.17-1_on_azure_linux_3.0 | | |
| msrc | cbl2_sudo_1.9.17-1_on_cbl_mariner_2.0 | | |
| msrc | cm2_sudo_1.9.17-1_on_cbl_mariner_2.0 | | |
| sudo_project | sudo | < 1.9.17 | 1.9.17 |
| sudo_project | sudo | | |
| sudo_project | sudo | >= 0 < 1.9.5p2-3+deb11u2 | 1.9.5p2-3+deb11u2 |
| sudo_project | sudo | >= 0 < 1.9.13p3-1+deb12u2 | 1.9.13p3-1+deb12u2 |
| sudo_project | sudo | >= 0 < 1.9.16p2-3 | 1.9.16p2-3 |
| sudo_project | sudo | >= 0 < 1.9.16p2-3 | 1.9.16p2-3 |
| sudo_project | sudo | >= 0 < 1.9.9-1ubuntu2.5 | 1.9.9-1ubuntu2.5 |
| sudo_project | sudo | >= 0 < 1.9.15p5-3ubuntu5.24.04.1 | 1.9.15p5-3ubuntu5.24.04.1 |
| sudo_project | sudo | >= 0 < 1.8.9p5-1ubuntu1.5+esm8 | 1.8.9p5-1ubuntu1.5+esm8 |
| sudo_project | sudo | >= 0 < 1.8.16-0ubuntu1.10+esm3 | 1.8.16-0ubuntu1.10+esm3 |
| sudo_project | sudo | >= 0 < 1.8.21p2-3ubuntu1.6+esm1 | 1.8.21p2-3ubuntu1.6+esm1 |
| sudo_project | sudo | >= 0 < 1.8.31-1ubuntu1.5+esm1 | 1.8.31-1ubuntu1.5+esm1 |
| sudo_project | sudo | >= 1.8.8 < 1.9.17p1 | 1.9.17p1 |

CVSS provenance

nvd: v3.1, 8.8 HIGH, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
osv: 8.8 HIGH