CVE-2025-32462
CVE-2025-32462
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
Affected products
Sudo project · Sudopublic PoCs found — 13
githubgithub.com/CryingN/CVE-2025-32462★ 13githubgithub.com/0p5cur/CVE-2025-32462-POC★ 8githubgithub.com/MAAYTHM/CVE-2025-32462_32463-Lab★ 5githubgithub.com/SpongeBob-369/cve-2025-32462★ 3githubgithub.com/yonathanpy/CVE-2025-32462-CVE-2025-32463-PoC-Lab★ 2githubgithub.com/j3r1ch0123/CVE-2025-32462★ 1githubgithub.com/cybersentinelx1/CVE-2025-32462-Exploit★ 1githubgithub.com/Hacksparo/CVE-2025-32462★ 0githubgithub.com/mylovem313/CVE-2025-32462★ 0githubgithub.com/toohau/CVE-2025-32462-32463-Detection-Script-★ 0githubgithub.com/OffSecPlaybook/CVE-2025-32462-★ 0githubgithub.com/lakshan-sameera/CVE-2025-32462-and-CVE-2025-32463---Critical-Sudo-Vulnerabilities★ 0exploitdbwww.exploit-db.com/exploits/52354unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://access.redhat.com/security/cve/cve-2025-32462https://bugs.gentoo.org/show_bug.cgi?id=CVE-2025-32462https://explore.alas.aws.amazon.com/CVE-2025-32462.htmlhttps://lists.debian.org/debian-lts-announce/2025/06/msg00033.htmlhttps://lists.debian.org/debian-security-announce/2025/msg00118.htmlhttps://security-tracker.debian.org/tracker/CVE-2025-32462https://ubuntu.com/security/notices/USN-7604-1https://www.openwall.com/lists/oss-security/2025/06/30/2https://www.secpod.com/blog/sudo-lpe-vulnerabilities-resolved-what-you-need-to-know-about-cve-2025-32462-and-cve-2025-32463/https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-hosthttps://www.sudo.ws/releases/changelog/https://www.sudo.ws/security/advisories/