CVE-2025-32462
| CVE ID | CVE-2025-32462 |
|---|---|
| CVSS Score | 8.8 |
| Operating System | |
| Affected Versions | |
| Patched Versions | sudo-1.8.23-10_ol001.el7_9.3 |
| Patch Date | |
| Last Updated Date | |
| Vector String | |

Additional Information

OL CVE Issue Summary:
A Local Privilege Escalation (LPE) vulnerability was found in Sudo.
In certain configurations, unauthorized users can gain elevated system privileges via the `sudo` host option (-h or --host).
When using the default sudo security policy plugin (sudoers), the host option is intended to be used in conjunction with the list option (-l or --list) to determine what permissions a user has on a given system.
However, this restriction can be bypassed, allowing a user to elevate their privileges on one system to the privileges they may have on another, effectively ignoring the host identifier in any sudoers rules.
This vulnerability is particularly impactful for systems that share a single sudoers configuration file across multiple computers or use network-based user directories, such as LDAP, to provide sudoers rules on a system.
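
An added example (not code from this advisory or from sudo): a simplified audit that lists the rules in a shared sudoers file whose host list does not cover the local machine. These are the host-restricted rules that the summary above says the flaw ignores, so they should be reviewed on any host that has not yet received the patched package. The sample file, user names and host names are constructed; the parser does not follow includes and does not handle netgroups, IP addresses, wildcards, inline comments or LDAP-sourced rules.

```python
import re
# Constructed sample: one sudoers file distributed to several hosts.
SAMPLE = r"""
Defaults env_reset
Host_Alias BUILD = build01, build02
root    ALL = (ALL) ALL
alice   BUILD = (root) NOPASSWD: /usr/bin/systemctl restart ci
bob     db01 = (ALL : ALL) ALL : web01 = /usr/bin/less /var/log/messages
%wheel  ALL, !db01 = (ALL) ALL
carol   web01 = (root) \
            /usr/bin/journalctl
"""
NOT_RULES = ("Defaults", "User_Alias", "Runas_Alias", "Cmnd_Alias", "Cmd_Alias", "Host_Alias")
HOST_LIST = re.compile(r"^[\w!.,-]+$")   # host names, aliases, negation; never a command path

def applies(hosts, local, aliases):
    """Simplified sudoers host matching: the last matching list item wins."""
    ok = False
    for h in hosts:
        name = h.lstrip("!")
        if name in ("ALL", local) or applies(aliases.get(name, []), local, aliases):
            ok = not h.startswith("!")
    return ok

def host_scoped_rules(text, local):
    """Return (user, host_list) for each rule whose host list does not cover `local`."""
    text = re.sub(r"\\\n\s*", " ", text)                       # join continued lines
    lines = [l.strip() for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]
    aliases = {}
    for line in lines:                                         # pass 1: Host_Alias definitions
        if line.startswith("Host_Alias"):
            for d in line[len("Host_Alias"):].split(":"):
                name, _, members = d.partition("=")
                aliases[name.strip()] = [m.strip() for m in members.split(",")]
    findings = []
    for line in lines:                                         # pass 2: user specifications
        if line.startswith(NOT_RULES):
            continue
        user = None
        for part in re.split(r":(?![^()]*\))", line):          # ':' outside "(user : group)"
            lhs, eq, _ = part.partition("=")
            lhs = re.sub(r"\s*,\s*", ",", lhs.strip())
            fields = lhs.split(None, 1) if user is None else [user, lhs]
            if not eq or len(fields) != 2:                     # e.g. text after "NOPASSWD:"
                continue
            user, hosts = fields
            if HOST_LIST.match(hosts) and not applies(hosts.split(","), local, aliases):
                findings.append((user, hosts))
    return findings
```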