CVE-2025-46717

Source
https://cve.org/CVERecord?id=CVE-2025-46717
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-46717.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-46717
Aliases
Downstream
Published
2025-05-12T14:52:55.408Z
Modified
2026-04-10T05:28:31.506184Z
Severity
  • 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
sudo-rs Allows Low Privilege Users to Discover the Existence of Files in Inaccessible Folders
Details

sudo-rs is a memory-safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with no (or very limited) sudo privileges can determine whether files exist in folders that they otherwise cannot access by using sudo --list <pathname>. Users with local access to a machine can discover the existence or non-existence of certain files, revealing potentially sensitive information in the file names. This information can also be used in conjunction with other attacks. Version 0.2.6 fixes the vulnerability.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/46xxx/CVE-2025-46717.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-497"
    ]
}
References

Affected packages

Git / github.com/trifectatechfoundation/sudo-rs

Affected ranges

Type
GIT
Repo
https://github.com/trifectatechfoundation/sudo-rs
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v0.*
v0.1.0-dev.20230620
v0.2.0
v0.2.0-dev.20230627
v0.2.0-dev.20230703
v0.2.0-dev.20230711
v0.2.1
v0.2.3
v0.2.5
v0.2.6

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-46717.json"