CVE-2025-32462 LOW

CVE-2025-32462

Vendor Sudo Project

Product Sudo

Weakness CWE-863 · Incorrect authorization

Published June 30, 2025

Last update November 3, 2025

View on NVD All CVEs

CVSS base score

2.8/10

Attack vector Local

Attack complexity High

Privileges required Low

User interaction None

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

What the vulnerability does

01Description

Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.

Key dates

02Disclosure timeline

June 30, 2025 CVE published

November 3, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-32462

Related vulnerabilities

04Related CVE

CVE-2020-35501 CVE-2024-22208 phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes CVE-2026-24069 Improper Enforcement of Disabled Accounts in WebUI SSO in Kiuwan SAST CVE-2025-10696 OpenSupports 4.11.0 — Insecure Direct Object Reference in supervised list CVE-2026-33428 Discourse Allows Unauthorized Access to Deleted Posts Index via Group Membership