Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2025-46718
Analyzed
More InfoOfficial Page
Source-security-advisories@github.com
View Known Exploited Vulnerability (KEV) details
Published At-12 May, 2025 | 15:16
Updated At-09 Jul, 2025 | 01:45

sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with limited sudo privileges (e.g. execution of a single command) can list sudo privileges of other users using the `-U` flag. This vulnerability allows users with limited sudo privileges to enumerate the sudoers file, revealing sensitive information about other users' permissions. Attackers can collect information that can be used to more targeted attacks. Systems where users either do not have sudo privileges or have the ability to run all commands as root through sudo (the default configuration on most systems) are not affected by this advisory. Version 0.2.6 fixes the vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.13.3LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CPE Matches
trifectatech
trifectatech
>>sudo>>Versions before 0.2.6(exclusive)
cpe:2.3:a:trifectatech:sudo:*:*:*:*:*:rust:*:*
Weaknesses
CWE IDTypeSource
CWE-497Secondarysecurity-advisories@github.com
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: CWE-497
Type: Secondary
Source: security-advisories@github.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/trifectatechfoundation/sudo-rs/releases/tag/v0.2.6security-advisories@github.com
Release Notes
https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-w9q3-g4p5-5q2rsecurity-advisories@github.com
Exploit
Vendor Advisory
https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-w9q3-g4p5-5q2r134c704f-9b21-4f2e-91b3-4a467353bcc0
Exploit
Vendor Advisory
Hyperlink: https://github.com/trifectatechfoundation/sudo-rs/releases/tag/v0.2.6
Source: security-advisories@github.com
Resource:
Release Notes
Hyperlink: https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-w9q3-g4p5-5q2r
Source: security-advisories@github.com
Resource:
Exploit
Vendor Advisory
Hyperlink: https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-w9q3-g4p5-5q2r
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
Exploit
Vendor Advisory
Change History
0Changes found
Details not found