CVE-2025-32462
Public on 2025-06-30
Modified on 2025-07-01
Description
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.
Severity
See what this means
CVSS v3 Base Score
See breakdown
Affected Packages
Platform | Package | Release Date | Advisory | Status |
---|---|---|---|---|
Amazon Linux 1 | sudo | No Fix Planned | ||
Amazon Linux 2 - Core | sudo | Pending Fix | ||
Amazon Linux 2023 | sudo | Pending Fix |
CVSS Scores
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
NVD | CVSSv3 | 2.8 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N |