How severe is CVE-2025-46718?

This vulnerability has a severity rating of LOW with a CVSS score of 3.3 out of 10.

What type of vulnerability is CVE-2025-46718?

This is classified as CWE-497, which is a common weakness in software security.

CVE-2025-46718 - LOW Severity | CVSS 3.3

Vulnerability Description

sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with limited sudo privileges (e.g. execution of a single command) can list sudo privileges of other users using the `-U` flag. This vulnerability allows users with limited sudo privileges to enumerate the sudoers file, revealing sensitive information about other users' permissions. Attackers can collect information that can be used to more targeted attacks. Systems where users either do not have sudo privileges or have the ability to run all commands as root through sudo (the default configuration on most systems) are not affected by this advisory. Version 0.2.6 fixes the vulnerability.

Related Vulnerabilities

CVE-2023-5081

LOW

CVSS:3.3(Low)

An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier.

CWE-4972023

CVE-2024-0053

LOW

CVSS:3.3(Low)

In getCustomPrinterIcon of PrintManagerService.java, there is a possible way to view other user's images due to a confused deputy. This could lead to local information disclosure with no additional ex...

CWE-4972024

CVE-2025-46717

LOW

CVSS:3.3(Low)

sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with no (or very limited) sudo privileges can determine whether files exists in folders that they ...

CWE-4972025

CVE-2024-47799

LOW

CVSS:3.5(Low)

Exposure of sensitive system information to an unauthorized control sphere issue exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-a...

CWE-4972024

CVE-2023-42010

LOW

CVSS:3.7(Low)

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 could disclose sensitive information in the HTTP response using man in the middle techniques. IBM X-For...

CWE-4972023

CVE-2025-24473

LOW

CVSS:3.7(Low)

A exposure of sensitive system information to an unauthorized control sphere in Fortinet FortiClientWindows versions 7.2.0 through 7.2.1 may allow an unauthorized remote attacker to view application i...

CWE-4972025