CVE-2025-32462

EUVD-2025-20867
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.8 LOW
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
mitreCNA
2.8 LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
Affected Products (NVD)
VendorProductVersion
sudo_projectsudo
𝑥
< 1.9.17
sudo_projectsudo
1.9.17
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
sudo
bookworm
1.9.13p3-1+deb12u3
fixed
bookworm (security)
1.9.13p3-1+deb12u2
fixed
bullseye
vulnerable
bullseye (security)
1.9.5p2-3+deb11u3
fixed
forky
1.9.17p2-4
fixed
sid
1.9.17p2-4
fixed
trixie
1.9.16p2-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
sudo
bionic
Fixed 1.8.21p2-3ubuntu1.6+esm1
released
focal
Fixed 1.8.31-1ubuntu1.5+esm1
released
jammy
Fixed 1.9.9-1ubuntu2.5
released
noble
Fixed 1.9.15p5-3ubuntu5.24.04.1
released
oracular
Fixed 1.9.15p5-3ubuntu5.24.10.1
released
plucky
Fixed 1.9.16p2-1ubuntu1.1
released
trusty
Fixed 1.8.9p5-1ubuntu1.5+esm8
released
xenial
Fixed 1.8.16-0ubuntu1.10+esm3
released
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/cve-2025-32462
https://bugs.gentoo.org/show_bug.cgi?id=CVE-2025-32462
https://explore.alas.aws.amazon.com/CVE-2025-32462.html
https://lists.debian.org/debian-security-announce/2025/msg00118.html
https://security-tracker.debian.org/tracker/CVE-2025-32462
https://ubuntu.com/security/notices/USN-7604-1
https://www.openwall.com/lists/oss-security/2025/06/30/2
https://www.secpod.com/blog/sudo-lpe-vulnerabilities-resolved-what-you-need-to-know-about-cve-2025-32462-and-cve-2025-32463/
https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host
https://www.sudo.ws/releases/changelog/
https://www.sudo.ws/security/advisories/
https://www.sudo.ws/security/advisories/host_any/
https://www.suse.com/security/cve/CVE-2025-32462.html
https://lists.debian.org/debian-lts-announce/2025/06/msg00033.html