Description

sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with no (or very limited) sudo privileges can determine whether files exists in folders that they otherwise cannot access using `sudo --list <pathname>`. Users with local access to a machine can discover the existence/non-existence of certain files, revealing potentially sensitive information in the file names. This information can also be used in conjunction with other attacks. Version 0.2.6 fixes the vulnerability.

INFO

Published Date :

2025-05-12T14:52:55.408Z

Last Modified :

2025-05-12T22:06:55.312Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-46717 vulnerability.

Vendors Products
Trifectatech
  • Sudo
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-46717.

URL Resource
https://github.com/trifectatechfoundation/sudo-rs/releases/tag/v0.2.6 cve-icon cve-icon
https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-98cv-wqjx-wx8f cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact