cvelistv5 - cve-2025-46718

CVE-2025-46718 (GCVE-0-2025-46718)

Vulnerability from cvelistv5 – Published: 2025-05-12 14:54 – Updated: 2025-05-12 22:06

Summary

sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with limited sudo privileges (e.g. execution of a single command) can list sudo privileges of other users using the `-U` flag. This vulnerability allows users with limited sudo privileges to enumerate the sudoers file, revealing sensitive information about other users' permissions. Attackers can collect information that can be used to more targeted attacks. Systems where users either do not have sudo privileges or have the ability to run all commands as root through sudo (the default configuration on most systems) are not affected by this advisory. Version 0.2.6 fixes the vulnerability.

Severity ?

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere

Assigner

GitHub_M

References

URL

Tags

	https://github.com/trifectatechfoundation/sudo-rs…	x_refsource_CONFIRM
	https://github.com/trifectatechfoundation/sudo-rs…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	trifectatechfoundation	sudo-rs	Affected: < 0.2.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-46718",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-12T21:45:01.523121Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-12T22:06:49.474Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-w9q3-g4p5-5q2r"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "sudo-rs",
          "vendor": "trifectatechfoundation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.2.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with limited sudo privileges (e.g. execution of a single command) can list sudo privileges of other users using the `-U` flag. This vulnerability allows users with limited sudo privileges to enumerate the sudoers file, revealing sensitive information about other users\u0027 permissions. Attackers can collect information that can be used to more targeted attacks. Systems where users either do not have sudo privileges or have the ability to run all commands as root through sudo (the default configuration on most systems) are not affected by this advisory. Version 0.2.6 fixes the vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-497",
              "description": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-12T14:54:24.925Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-w9q3-g4p5-5q2r",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-w9q3-g4p5-5q2r"
        },
        {
          "name": "https://github.com/trifectatechfoundation/sudo-rs/releases/tag/v0.2.6",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/trifectatechfoundation/sudo-rs/releases/tag/v0.2.6"
        }
      ],
      "source": {
        "advisory": "GHSA-w9q3-g4p5-5q2r",
        "discovery": "UNKNOWN"
      },
      "title": "sudo-rs Allows Low Privilege Users to Enumerate Privileges of Others"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-46718",
    "datePublished": "2025-05-12T14:54:24.925Z",
    "dateReserved": "2025-04-28T20:56:09.083Z",
    "dateUpdated": "2025-05-12T22:06:49.474Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-46718\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-05-12T15:16:01.397\",\"lastModified\":\"2025-07-09T01:45:32.727\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with limited sudo privileges (e.g. execution of a single command) can list sudo privileges of other users using the `-U` flag. This vulnerability allows users with limited sudo privileges to enumerate the sudoers file, revealing sensitive information about other users\u0027 permissions. Attackers can collect information that can be used to more targeted attacks. Systems where users either do not have sudo privileges or have the ability to run all commands as root through sudo (the default configuration on most systems) are not affected by this advisory. Version 0.2.6 fixes the vulnerability.\"},{\"lang\":\"es\",\"value\":\"sudo-rs es una implementaci\u00f3n de memoria segura de sudo y su, escrita en Rust. Antes de la versi\u00f3n 0.2.6, los usuarios con privilegios de sudo limitados (por ejemplo, la ejecuci\u00f3n de un solo comando) pod\u00edan listar los privilegios de sudo de otros usuarios mediante la opci\u00f3n `-U`. Esta vulnerabilidad permite a los usuarios con privilegios de sudo limitados enumerar el archivo `sudoers`, revelando informaci\u00f3n confidencial sobre los permisos de otros usuarios. Los atacantes pueden recopilar informaci\u00f3n que puede utilizarse para ataques m\u00e1s espec\u00edficos. Los sistemas donde los usuarios no tienen privilegios de sudo o pueden ejecutar todos los comandos como root mediante sudo (la configuraci\u00f3n predeterminada en la mayor\u00eda de los sistemas) no se ven afectados por este aviso. La versi\u00f3n 0.2.6 corrige la vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":3.3,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-497\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trifectatech:sudo:*:*:*:*:*:rust:*:*\",\"versionEndExcluding\":\"0.2.6\",\"matchCriteriaId\":\"FC98CE22-CA46-419B-ACDE-21E0AC76561B\"}]}]}],\"references\":[{\"url\":\"https://github.com/trifectatechfoundation/sudo-rs/releases/tag/v0.2.6\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-w9q3-g4p5-5q2r\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-w9q3-g4p5-5q2r\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-46718\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-12T21:45:01.523121Z\"}}}], \"references\": [{\"url\": \"https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-w9q3-g4p5-5q2r\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-12T21:45:14.615Z\"}}], \"cna\": {\"title\": \"sudo-rs Allows Low Privilege Users to Enumerate Privileges of Others\", \"source\": {\"advisory\": \"GHSA-w9q3-g4p5-5q2r\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 3.3, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"trifectatechfoundation\", \"product\": \"sudo-rs\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 0.2.6\"}]}], \"references\": [{\"url\": \"https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-w9q3-g4p5-5q2r\", \"name\": \"https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-w9q3-g4p5-5q2r\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/trifectatechfoundation/sudo-rs/releases/tag/v0.2.6\", \"name\": \"https://github.com/trifectatechfoundation/sudo-rs/releases/tag/v0.2.6\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with limited sudo privileges (e.g. execution of a single command) can list sudo privileges of other users using the `-U` flag. This vulnerability allows users with limited sudo privileges to enumerate the sudoers file, revealing sensitive information about other users\u0027 permissions. Attackers can collect information that can be used to more targeted attacks. Systems where users either do not have sudo privileges or have the ability to run all commands as root through sudo (the default configuration on most systems) are not affected by this advisory. Version 0.2.6 fixes the vulnerability.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-497\", \"description\": \"CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-05-12T14:54:24.925Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-46718\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-12T22:06:49.474Z\", \"dateReserved\": \"2025-04-28T20:56:09.083Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-05-12T14:54:24.925Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-W9Q3-G4P5-5Q2R

Vulnerability from github – Published: 2025-05-13 20:05 – Updated: 2025-05-13 20:05

Summary

sudo-rs Allows Low Privilege Users to Enumerate Privileges of Others

Details

Summary

Users with limited sudo privileges (e.g. execution of a single command) can list sudo privileges of other users using the -U flag. This doesn't happen with the original sudo.

PoC

The initial test has been done in a container running Ubuntu 24.04 and installing oxidizr, running sudo-rs 0.2.2.

A user (bob) has been added with only ps command executable through sudo:

root    ALL=(ALL:ALL) ALL
bob     ALL=(ALL:ALL) /usr/bin/ps

The user is not able to read the /etc/sudoers file and running sudo -l -Uroot with original sudo (version 1.9.15p5) causes the following error:

Sorry, user bob is not allowed to execute 'list' as root on 43d4aed3cdbd.

The same command with sudo-rs is run without denying the execution:

User root may run the following commands on 43d4aed3cdbd:
    (ALL : ALL) ALL

The same happens for other non-root users:

bob@43d4aed3cdbd:~$ sudo -l -Ufoo
User foo may run the following commands on 43d4aed3cdbd:
    (ALL : ALL) /usr/bin/whoami

The behavior has been also been observed for version 0.2.5.

Impact

Users with limited sudo privileges can enumerate the sudoers file, revealing sensitive information about other users' permissions. Attackers can collect information that can be used to more targeted attacks.

Systems where users either do not have sudo privileges or have the ability to run all commands as root through sudo (the default configuration on most systems) are not affected by this advisory.

Credits

This issue was identified by Sonia Zorba.

Severity ?

3.3 (Low)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "sudo-rs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.2.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-46718"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-497"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-05-13T20:05:55Z",
    "nvd_published_at": "2025-05-12T15:16:01Z",
    "severity": "LOW"
  },
  "details": "### Summary\nUsers with limited sudo privileges (e.g. execution of a single command) can list sudo privileges of other users using the `-U` flag. This doesn\u0027t happen with the original sudo.\n\n### PoC\n\nThe initial test has been done in a container running Ubuntu 24.04 and installing [oxidizr](https://github.com/jnsgruk/oxidizr), running sudo-rs 0.2.2.\n\nA user (bob) has been added with only ps command executable through sudo:\n\n```\nroot    ALL=(ALL:ALL) ALL\nbob     ALL=(ALL:ALL) /usr/bin/ps\n```\n\nThe user is not able to read the `/etc/sudoers` file and running `sudo -l -Uroot` with original sudo (version 1.9.15p5) causes the following error:\n\n```\nSorry, user bob is not allowed to execute \u0027list\u0027 as root on 43d4aed3cdbd.\n```\n\nThe same command with sudo-rs is run without denying the execution:\n\n```\nUser root may run the following commands on 43d4aed3cdbd:\n    (ALL : ALL) ALL\n```\n\nThe same happens for other non-root users:\n\n```\nbob@43d4aed3cdbd:~$ sudo -l -Ufoo\nUser foo may run the following commands on 43d4aed3cdbd:\n    (ALL : ALL) /usr/bin/whoami\n```\n\nThe behavior has been also been observed for version 0.2.5.\n\n### Impact\nUsers with limited sudo privileges can enumerate the sudoers file, revealing sensitive information about other users\u0027 permissions. Attackers can collect information that can be used to more targeted attacks.\n\nSystems where users either do not have sudo privileges or have the ability to run all commands as root through sudo (the default configuration on most systems) are not affected by this advisory.\n\n### Credits\nThis issue was identified by [Sonia Zorba](https://www.zonia3000.net/).",
  "id": "GHSA-w9q3-g4p5-5q2r",
  "modified": "2025-05-13T20:05:55Z",
  "published": "2025-05-13T20:05:55Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-w9q3-g4p5-5q2r"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46718"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/trifectatechfoundation/sudo-rs"
    },
    {
      "type": "WEB",
      "url": "https://github.com/trifectatechfoundation/sudo-rs/releases/tag/v0.2.6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "sudo-rs Allows Low Privilege Users to Enumerate Privileges of Others"
}

WID-SEC-W-2025-1043

Vulnerability from csaf_certbund - Published: 2025-05-13 22:00 - Updated: 2025-05-13 22:00

Summary

sudo-rs: Mehrere Schwachstellen ermöglichen Offenlegung von Informationen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

sudo-rs ist eine in Rust geschriebene Neuimplementierung des traditionellen sudo-Tools.

Angriff

Ein lokaler Angreifer kann mehrere Schwachstellen in sudo-rs ausnutzen, um Informationen offenzulegen.

Betroffene Betriebssysteme

- Linux - UNIX

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "niedrig"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "sudo-rs ist eine in Rust geschriebene Neuimplementierung des traditionellen sudo-Tools.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in sudo-rs ausnutzen, um Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1043 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1043.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1043 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1043"
      },
      {
        "category": "external",
        "summary": "Red Hat Bugtracker #2365650 vom 2025-05-13",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365650"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database PoC f\u00fcr CVE-2025-46717 2025-05-13",
        "url": "https://github.com/advisories/GHSA-98cv-wqjx-wx8f"
      },
      {
        "category": "external",
        "summary": "Red Hat Bugtracker #2365647 vom 2025-05-13",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365647"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2025-6A67917349 vom 2025-05-13",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-6a67917349"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2025-C62D1A4879 vom 2025-05-13",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-c62d1a4879"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database PoC f\u00fcr CVE-2025-46718 2025-05-13",
        "url": "https://github.com/advisories/GHSA-w9q3-g4p5-5q2r"
      }
    ],
    "source_lang": "en-US",
    "title": "sudo-rs: Mehrere Schwachstellen erm\u00f6glichen Offenlegung von Informationen",
    "tracking": {
      "current_release_date": "2025-05-13T22:00:00.000+00:00",
      "generator": {
        "date": "2025-05-14T10:39:19.800+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-1043",
      "initial_release_date": "2025-05-13T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-05-13T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c0.2.6",
                "product": {
                  "name": "Open Source sudo-rs \u003c0.2.6",
                  "product_id": "T043632"
                }
              },
              {
                "category": "product_version",
                "name": "0.2.6",
                "product": {
                  "name": "Open Source sudo-rs 0.2.6",
                  "product_id": "T043632-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:rust_foundation:sudo-rs:0.2.6"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "sudo-rs"
          }
        ],
        "category": "vendor",
        "name": "rust_foundation"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-46717",
      "product_status": {
        "known_affected": [
          "T043632",
          "74185"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2025-46717"
    },
    {
      "cve": "CVE-2025-46718",
      "product_status": {
        "known_affected": [
          "T043632",
          "74185"
        ]
      },
      "release_date": "2025-05-13T22:00:00.000+00:00",
      "title": "CVE-2025-46718"
    }
  ]
}

FKIE_CVE-2025-46718

Vulnerability from fkie_nvd - Published: 2025-05-12 15:16 - Updated: 2025-07-09 01:45

Severity ?

3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/trifectatechfoundation/sudo-rs/releases/tag/v0.2.6	Release Notes
security-advisories@github.com	https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-w9q3-g4p5-5q2r	Exploit, Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-w9q3-g4p5-5q2r	Exploit, Vendor Advisory

Impacted products

	Vendor	Product	Version
	trifectatech	sudo	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trifectatech:sudo:*:*:*:*:*:rust:*:*",
              "matchCriteriaId": "FC98CE22-CA46-419B-ACDE-21E0AC76561B",
              "versionEndExcluding": "0.2.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with limited sudo privileges (e.g. execution of a single command) can list sudo privileges of other users using the `-U` flag. This vulnerability allows users with limited sudo privileges to enumerate the sudoers file, revealing sensitive information about other users\u0027 permissions. Attackers can collect information that can be used to more targeted attacks. Systems where users either do not have sudo privileges or have the ability to run all commands as root through sudo (the default configuration on most systems) are not affected by this advisory. Version 0.2.6 fixes the vulnerability."
    },
    {
      "lang": "es",
      "value": "sudo-rs es una implementaci\u00f3n de memoria segura de sudo y su, escrita en Rust. Antes de la versi\u00f3n 0.2.6, los usuarios con privilegios de sudo limitados (por ejemplo, la ejecuci\u00f3n de un solo comando) pod\u00edan listar los privilegios de sudo de otros usuarios mediante la opci\u00f3n `-U`. Esta vulnerabilidad permite a los usuarios con privilegios de sudo limitados enumerar el archivo `sudoers`, revelando informaci\u00f3n confidencial sobre los permisos de otros usuarios. Los atacantes pueden recopilar informaci\u00f3n que puede utilizarse para ataques m\u00e1s espec\u00edficos. Los sistemas donde los usuarios no tienen privilegios de sudo o pueden ejecutar todos los comandos como root mediante sudo (la configuraci\u00f3n predeterminada en la mayor\u00eda de los sistemas) no se ven afectados por este aviso. La versi\u00f3n 0.2.6 corrige la vulnerabilidad."
    }
  ],
  "id": "CVE-2025-46718",
  "lastModified": "2025-07-09T01:45:32.727",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 1.4,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-05-12T15:16:01.397",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/trifectatechfoundation/sudo-rs/releases/tag/v0.2.6"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-w9q3-g4p5-5q2r"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-w9q3-g4p5-5q2r"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-497"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-46718 (GCVE-0-2025-46718)

GHSA-W9Q3-G4P5-5Q2R

Summary

PoC

Impact

Credits

WID-SEC-W-2025-1043

FKIE_CVE-2025-46718

Tags

Sightings

Nomenclature