3.3

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-46718

CVE-2025-46718: sudo-rs Allows Low Privilege Users to Enumerate Privileges of Others

Summary

Users with limited sudo privileges (e.g. execution of a single command) can list sudo privileges of other users using the -U flag. This doesn't happen with the original sudo.

PoC

The initial test has been done in a container running Ubuntu 24.04 and installing oxidizr, running sudo-rs 0.2.2.

A user (bob) has been added with only ps command executable through sudo:

root    ALL=(ALL:ALL) ALL
bob     ALL=(ALL:ALL) /usr/bin/ps

The user is not able to read the /etc/sudoers file and running sudo -l -Uroot with original sudo (version 1.9.15p5) causes the following error:

Sorry, user bob is not allowed to execute 'list' as root on 43d4aed3cdbd.

The same command with sudo-rs is run without denying the execution:

User root may run the following commands on 43d4aed3cdbd:
    (ALL : ALL) ALL

The same happens for other non-root users:

bob@43d4aed3cdbd:~$ sudo -l -Ufoo
User foo may run the following commands on 43d4aed3cdbd:
    (ALL : ALL) /usr/bin/whoami

The behavior has been also been observed for version 0.2.5.

Impact

Users with limited sudo privileges can enumerate the sudoers file, revealing sensitive information about other users' permissions. Attackers can collect information that can be used to more targeted attacks.

Systems where users either do not have sudo privileges or have the ability to run all commands as root through sudo (the default configuration on most systems) are not affected by this advisory.

Credits

This issue was identified by Sonia Zorba.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-46718

CVE-2025-46718:

3.3

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
sudo-rs	rust	< 0.2.6	0.2.6

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability allowed users with limited sudo privileges to list the sudo privileges of other users using the -U flag. This was due to insufficient permission checks in the sudo_rs::sudoers::Sudoers::check_list_permission function. Specifically, when -U <other_user> was used, the function did not verify if the invoking user had the explicit right (the 'list' pseudo-command) to inspect the other user's privileges. The patches address this by:

Introducing the 'list' pseudo-command (commit 63fa222...) so administrators can define this permission.
Modifying ListRequest to explicitly include the inspected_user (commit 598cacd...).
Crucially, updating Sudoers::check_list_permission (commit bd780dc...) to perform a specific check using self.check(...) with command: Path::new(\"list\") when the inspected_user is different from the invoking_user. The functions auth_invoking_user and check_other_users_list_perms in src/sudo/pipeline/list.rs are part of the call chain that leads to the vulnerable check_list_permission function.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

3.3

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-46718: sudo-rs Allows Low Privilege Users to Enumerate Privileges of Others

Summary

PoC

Impact

Credits

CVE-2025-46718:

3.3

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

3.3

3.3

Basic Information

Basic Information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2025-46718: sudo-rs Allows Low Privilege Users to Enumerate Privileges of Others

Summary

PoC

Impact

Credits

Technical Details

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI