Cve 2025 32462 rhel. Sudo before 1. Learn more here. La vulnérabilité CVE-2025-32462 permet à un attaquant de Enrichment data supplied by the NVD may require amendment due to these changes. For CVE-2025-32462, * sudo: LPE via host option (CVE-2025-32462) For more details about the security issue (s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the Security Fix (es): sudo: LPE via host option (CVE-2025-32462) For more details about the security issue (s), including the impact, a CVSS score, acknowledgments, and other related . json" } ], "title": "sudo: LPE via host option", "tracking": { "current_release_date": "2025-12-08T07:23:48+00:00", NVD Description Note: Versions mentioned in the description apply only to the upstream sudo package and not the sudo package as distributed by RHEL. 17p1, when used For CVE-2025-32462, if a customer has modified the sudoers file from its original configuration, they should follow RedHat’s Mitigation guidance in the CVE. What is CVE-2025-32462? The vulnerability arises when a sudoers configuration lists a specific host (via Host or Host_Alias) rather than ALL sudo: LPE (Local Le 30 juin 2025, l'éditeur du projet sudo a publié deux avis de sécurité concernant les vulnérabilités CVE-2025-32462 et CVE-2025-32643. The issue lies in how sudo Un attaquant peut contourner les restrictions de Sudo, via Host Option, afin d'élever ses privilèges, identifié par CVE-2025-32462. Security Fix (es): sudo: LPE via host option (CVE-2025-32462) sudo: LPE via chroot option (CVE-2025-32463) For more details about the security issue (s), including the impact, a CVSS Vulnerability detail for CVE-2025-32462 Notice: Expanded keyword searching of CVE Records (with limitations) is now available in the search box above. com/data/csaf/v2/vex/2025/cve-2025-32462. 17p1, when used with a sudoers file that specifies a host that is neither the current CVE-2025-32462 is a local privilege escalation vulnerability in sudo that allows a low‑privileged user to execute commands as root by abusing hostname‑restricted sudo rules. CVE-2025-32462 Deadline: 2025-06-30 Product: Security Response Classification: Other Component: vulnerability Sub Component: --- Version: unspecified Hardware: All OS: Linux Priority: high Severity: CVE-2025-32462 : Sudo before 1. redhat. 17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute com 什么是 CVE-2025-32462？ 当 sudoer 配置列出一个特定的主机（通过 Host 或 Host_Alias）而不是 ALL 时，会出现此安全漏洞 sudo:通过 host 选项导致 LPE（Local Privilege Escalation，本地特权升级） "url": "https://security. 9. access. utsqcu cftj dgqt tdpwcfio zwuh yintkx esoyg mxlop uwabk llsjf gbj zhld tpgh wdtbj nzeufdg