{"dataType":"CVE_RECORD","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2025-32462","assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","dateUpdated":"2025-11-03T19:53:32.346Z","dateReserved":"2025-04-09T00:00:00.000Z","datePublished":"2025-06-30T00:00:00.000Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Sudo","vendor":"Sudo project","versions":[{"lessThan":"1.9.17p1","status":"affected","version":"1.8.8","versionType":"custom"}]}],"descriptions":[{"lang":"en","value":"Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-863","description":"CWE-863 Incorrect Authorization","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre","dateUpdated":"2025-07-25T14:10:01.237Z"},"references":[{"url":"https://www.sudo.ws/security/advisories/"},{"url":"https://www.sudo.ws/releases/changelog/"},{"url":"https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host"},{"url":"https://www.openwall.com/lists/oss-security/2025/06/30/2"},{"url":"https://ubuntu.com/security/notices/USN-7604-1"},{"url":"https://www.secpod.com/blog/sudo-lpe-vulnerabilities-resolved-what-you-need-to-know-about-cve-2025-32462-and-cve-2025-32463/"},{"url":"https://www.sudo.ws/security/advisories/host_any/"},{"url":"https://lists.debian.org/debian-security-announce/2025/msg00118.html"},{"url":"https://explore.alas.aws.amazon.com/CVE-2025-32462.html"},{"url":"https://bugs.gentoo.org/show_bug.cgi?id=CVE-2025-32462"},{"url":"https://security-tracker.debian.org/tracker/CVE-2025-32462"},{"url":"https://www.suse.com/security/cve/CVE-2025-32462.html"},{"url":"https://access.redhat.com/security/cve/cve-2025-32462"}],"x_generator":{"engine":"enrichogram 0.0.1"},"metrics":[{"cvssV3_1":{"version":"3.1","baseScore":2.8,"baseSeverity":"LOW","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N"}}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*","versionStartIncluding":"1.8.8","versionEndExcluding":"1.9.17p1"}]}]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-07-01T13:25:34.777689Z","id":"CVE-2025-32462","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-07-01T13:25:41.728Z"}},{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/06/msg00033.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T19:53:32.346Z"}}]},"dataVersion":"5.2"}