CVE-2025-32462

Publication date 30 June 2025

Last updated 2 July 2025


Ubuntu priority

Cvss 3 Severity Score

2.8 · Low

Score breakdown

Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.

Why is this CVE high priority?

Allows local privilege escalation

Learn more about Ubuntu priority

Status

Package Ubuntu Release Status
sudo 25.04 plucky
Fixed 1.9.16p2-1ubuntu1.1
24.10 oracular
Fixed 1.9.15p5-3ubuntu5.24.10.1
24.04 LTS noble
Fixed 1.9.15p5-3ubuntu5.24.04.1
22.04 LTS jammy
Fixed 1.9.9-1ubuntu2.5
20.04 LTS focal
Fixed 1.8.31-1ubuntu1.5+esm1
18.04 LTS bionic
Fixed 1.8.21p2-3ubuntu1.6+esm1
16.04 LTS xenial
Fixed 1.8.16-0ubuntu1.10+esm3
14.04 LTS trusty
Fixed 1.8.9p5-1ubuntu1.5+esm8

Get expanded security coverage with Ubuntu Pro

Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.

Get Ubuntu Pro

Severity score breakdown

Parameter Value
Base score 2.8 · Low
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Scope Changed
Confidentiality None
Integrity impact Low
Availability impact None
Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

References

Related Ubuntu Security Notices (USN)

Other references