Main Vulnerability Database SB2025072252

SB2025072252 - Red Hat Enterprise Linux 10 update for sudo

Published: July 22, 2025 Updated: September 24, 2025

Security Bulletin ID SB2025072252

Severity

Low

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Protection mechanism failure (CVE-ID: CVE-2025-32462)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient implementation of security measures when running sudo with -h (--host) option. If the current configuration provides access to users based on the host they are allowed to execute commands, a local user can bypass such a restriction by providing the hostname via the "-h" option they are allowed to execute commands. The vulnerability affects systems that use a common sudoers file that is distributed to multiple machines or when LDAP-based sudoers (including SSSD) is used.

2) Protection mechanism failure (CVE-ID: CVE-2025-32463)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient implementation of security measures when running sudo with -R (--chroot) option. A local user can run arbitrary commands as root, even if they are not listed in the sudoers file.

Note, the vulnerability affects installations with Name Service Switch (NSS) enabled.

Remediation

Install update from vendor's website.

References

https://access.redhat.com/errata/RHSA-2025:11537