CVE-2025-32462

Public on 2025-06-30
Modified on 2025-07-01
Description
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.
Severity
Important severity
Important
See what this means
CVSS v3 Base Score
7.8
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 sudo No Fix Planned
Amazon Linux 2 - Core sudo Pending Fix
Amazon Linux 2023 sudo Pending Fix

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
NVD CVSSv3 2.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N