CVE-2025-32462

Updated: 2026-02-27 02:32:37.009715

Description:

Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.



Severity

| | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0.0 |
| CVSS Version 3.x | HIGH | 8.8 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | sudo | 1.9.5p2 | 8.8 | HIGH | Released | CLSA-2025:1752746954 | 2025-07-18 02:07:12 | |
| Alpine Linux 3.18 ELS | sudo | 1.9.13 | 8.8 | HIGH | Released | CLSA-2025:1766668246 | 2025-12-25 15:42:09 | |
| CentOS 6 ELS | sudo | 1.8.6p3 | 8.8 | HIGH | Not Vulnerable | | 2025-07-08 00:19:20 | Not vulnerable |
| CentOS 7 ELS | sudo | 1.8.23 | 8.8 | HIGH | Released | CLSA-2025:1751900234 | 2025-07-20 01:39:00 | |
| CentOS 8.4 ELS | sudo | 1.8.29-7 | 8.8 | HIGH | Released | CLSA-2025:1751913478 | 2025-07-08 00:19:18 | |
| CentOS 8.5 ELS | sudo | 1.8.29-7 | 8.8 | HIGH | Released | CLSA-2025:1751913630 | 2025-07-08 00:19:19 | |
| CentOS Stream 8 ELS | sudo | 1.9.5p2 | 8.8 | HIGH | Released | CLSA-2025:1751913242 | 2025-07-08 04:29:12 | |
| CloudLinux 6 ELS | sudo | 1.8.6p3 | 8.8 | HIGH | Not Vulnerable | | 2025-07-08 00:19:20 | Not vulnerable |
| CloudLinux 7 ELS | sudo | 1.8.23 | 8.8 | HIGH | Released | CLSA-2025:1751900044 | 2025-07-17 03:01:18 | |
| Debian 10 ELS | sudo | 1.8.27 | 8.8 | HIGH | Released | CLSA-2025:1761325294 | 2025-10-24 19:17:34 | |
Total: 17