CVE-2025-46717

EUVD-2025-14324

12.05.2025, 15:16

sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with no (or very limited) sudo privileges can determine whether files exists in folders that they otherwise cannot access using `sudo --list <pathname>`. Users with local access to a machine can discover the existence/non-existence of certain files, revealing potentially sensitive information in the file names. This information can also be used in conjunction with other attacks. Version 0.2.6 fixes the vulnerability.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	3.3 LOW	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
GitHub_M	CNA	3.3 LOW	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 6%

Affected Products (NVD)

Vendor	Product	Version
trifectatech	sudo	𝑥 < 0.2.6

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

rust-sudo-rs

forky	0.2.10-1 fixed
sid	0.2.10-1 fixed
trixie	0.2.5-5+deb13u1 fixed
trixie (security)	0.2.5-5+deb13u1 fixed

Ubuntu Releases

Ubuntu Product

Codename

rust-sudo-rs

focal	dne
jammy	dne
noble	needed
oracular	ignored
plucky	ignored
questing	Fixed 0.2.8-1ubuntu2 released

Known Exploits!

Common Weakness Enumeration

CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
The application does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the application does.

References

https://github.com/trifectatechfoundation/sudo-rs/releases/tag/v0.2.6

https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-98cv-wqjx-wx8f

https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-98cv-wqjx-wx8f