CVE-2025-46718: sudo-rs Allows Low Privilege Users to Enumerate Privileges of Others

May 13, 2025

Users with limited sudo privileges (e.g. execution of a single command) can list sudo privileges of other users using the -U flag. This doesn’t happen with the original sudo.

References

github.com/advisories/GHSA-w9q3-g4p5-5q2r
github.com/trifectatechfoundation/sudo-rs
github.com/trifectatechfoundation/sudo-rs/releases/tag/v0.2.6
github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-w9q3-g4p5-5q2r
nvd.nist.gov/vuln/detail/CVE-2025-46718

Code Behaviors & Features

Detect and mitigate CVE-2025-46718 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →