CVE Alert: CVE-2025-46718
Vulnerability Summary: CVE-2025-46718
sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with limited sudo privileges (e.g. execution of a single command) can list sudo privileges of other users using the `-U` flag. This vulnerability allows users with limited sudo privileges to enumerate the sudoers file, revealing sensitive information about other users’ permissions. Attackers can collect information that can be used to more targeted attacks. Systems where users either do not have sudo privileges or have the ability to run all commands as root through sudo (the default configuration on most systems) are not affected by this advisory. Version 0.2.6 fixes the vulnerability.
Affected Endpoints:
No affected endpoints listed.
Published Date:
5/12/2025, 3:16:01 PM
❄️ CVSS Score:
Exploit Status:
Not ExploitedReferences:
- https://github.com/trifectatechfoundation/sudo-rs/releases/tag/v0.2.6
- https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-w9q3-g4p5-5q2r
- https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-w9q3-g4p5-5q2r
Recommended Action:
No proposed action available. Please refer to vendor documentation for updates.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
