CVE-2025-25013 Elastic Defend Insertion of Sensitive Information into Log Files

Improper restriction of environment variables in Elastic Defend can lead to exposure of sensitive information such as API keys and tokens via automatic transmission of unfiltered environment variables to the stack...

Command injection

Sudo 1.6.9 before 1.8.5, when envreset is disabled, does not properly check environment variables for the envdelete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable...

sudo: certain environment variables not sanitized when env_reset is disabled

Sudo 1.6.9 before 1.8.5, when envreset is disabled, does not properly check environment variables for the envdelete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable...