Low severityNVD Advisory· Published May 12, 2025· Updated May 12, 2025
sudo-rs Allows Low Privilege Users to Discover the Existence of Files in Inaccessible Folders
CVE-2025-46717
Description
sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with no (or very limited) sudo privileges can determine whether files exists in folders that they otherwise cannot access using sudo --list . Users with local access to a machine can discover the existence/non-existence of certain files, revealing potentially sensitive information in the file names. This information can also be used in conjunction with other attacks. Version 0.2.6 fixes the vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
sudo-rscrates.io | < 0.2.6 | 0.2.6 |
Affected products
2- Range: < 0.2.6
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-98cv-wqjx-wx8fghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-46717ghsaADVISORY
- github.com/trifectatechfoundation/sudo-rs/releases/tag/v0.2.6ghsax_refsource_MISCWEB
- github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-98cv-wqjx-wx8fghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.