4721 matches found

Microsoft CVE
added 2025/10/02 6:11 a.m. | 2 views

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.

...

CVSS 7.8 | AI score 7 | EPSS 0.44372
Exploits: 20

RedhatCVE
added 2025/10/01 1:20 p.m. | 7 views

CVE-2025-34217

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) contain an undocumented 'printerlogic' user with a hardcoded SSH public key in '~/.ssh/authorized_keys' and a sudoers rule granting the printerlogicssh group 'NOPASSWD: ALL'. Possession of the matching...

CVSS 10 | AI score 6.8 | EPSS 0.00189
Exploits: 1 | References: 1

Cvelist
added 2025/09/30 1:3 p.m. | 7 views

CVE-2025-34217 Vasion Print (formerly PrinterLogic) Undocumented Hardcoded SSH Key

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) contain an undocumented 'printerlogic' user with a hardcoded SSH public key in '~/.ssh/authorized_keys' and a sudoers rule granting the printerlogicssh group 'NOPASSWD: ALL'. Possession of the matching...

CVSS 10 | EPSS 0.00189
Exploits: 1 | References: 4

CVE
added 2025/09/30 1:3 p.m. | 18 views

CVE-2025-34217

CVE-2025-34217 concerns Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments). The advisory documents an undocumented local user named printerlogic with a hardcoded SSH public key stored in ~/.ssh/authorized_keys and a sudoers rule giving the printerlog...

CVSS 10 | AI score 6.5 | EPSS 0.00189
Exploits: 1 | References: 4 | Affected Software: 2

Vulnrichment
added 2025/09/30 1:3 p.m. | 3 views

CVE-2025-34217 Vasion Print (formerly PrinterLogic) Undocumented Hardcoded SSH Key

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) contain an undocumented 'printerlogic' user with a hardcoded SSH public key in '~/.ssh/authorized_keys' and a sudoers rule granting the printerlogicssh group 'NOPASSWD: ALL'. Possession of the matching...

CVSS 10 | AI score 6.5 | EPSS 0.00189
Exploits: 1 | References: 4

The Hacker News
added 2025/09/30 5:41 a.m. | 17 views

CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting the Sudo command-line utility for Linux and Unix-like operating systems to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The...

CVSS 10 | AI score 8.8 | EPSS 0.94113
Exploits: 75

GithubExploit
added 2025/09/30 12:23 a.m. | 192 views

Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo

Vulnerability Overview CVE-2025-32463 affects Sudo versions 1.9...

CVSS 9.3 | AI score 8.3 | EPSS 0.57345
Exploits: 69

Tenable Nessus
added 2025/09/30 12:0 a.m. | 1 view

NewStart CGSL MAIN 6.06 : sudo Vulnerability (NS-SA-2025-0224)

The remote NewStart CGSL host, running version MAIN 6.06, has sudo packages installed that are affected by a vulnerability: A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorizatio...

CVSS 6.9 | AI score 7.5 | EPSS 0.00047
Exploits: 1 | References: 3

Positive Technologies
added 2025/09/30 12:0 a.m. | 2 views

PT-2025-39985

Name of the Vulnerable Software and Affected Versions: Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments), affected versions not specified. Description: The Vasion Print Virtual Appliance Host and Application contains an undocumented user, printerlogic, with...

CVSS 10 | AI score 6.4 | EPSS 0.00189
Exploits: 1 | References: 9

CISA
added 2025/09/29 12:0 p.m. | 7 views

CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2021-21311: Adminer Server-Side Request Forgery Vulnerability; CVE-2025-20352: Cisco IOS and IOS XE Software SNMP Denial of Servic...

CVSS 10 | AI score 8.1 | EPSS 0.94113
In wild | Exploits: 75 | References: 10

VulnCheck KEV
added 2025/09/29 12:0 a.m. | 2 views

VulnCheck KEV: CVE-2025-32463

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option...

CVSS 9.3 | AI score 5.8 | EPSS 0.57345
In wild | Exploits: 69 | References: 5

CISA KEV Catalog
added 2025/09/29 12:0 a.m. | 10 views

Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability

Sudo contains an inclusion of functionality from untrusted control sphere vulnerability. This vulnerability could allow a local attacker to leverage sudo's -R (--chroot) option to run arbitrary commands as root, even if they are not listed in the sudoers file...

CVSS 9.3 | AI score 6.8 | EPSS 0.57345
In wild | Exploits: 69

OpenVAS
added 2025/09/25 12:0 a.m. | 3 views

Avoid Using the root User to Access the System Locally

Users with the root permission can access all Linux resources. If the root user is used to log in to the Linux OS to perform operations, there are many potential security risks. To avoid the risks, do not use the root user to log in to the Linux OS. If necessary, indirectly use the root user...

AI score 6.8
Exploits: 0 | References: 1

GithubExploit
added 2025/09/24 1:17 a.m. | 221 views

Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo

CVE-2025-32463-Sudo-Chroot-Escape --- Description This re...

CVSS 9.3 | AI score 8.1 | EPSS 0.57345
Exploits: 69

OpenVAS
added 2025/09/23 12:0 a.m. | 1 view

Ensure That Common Users Run Privileged Programs Using the sudo Command

The sudo command enables a specified common user to execute certain programs with the root permission. Most system management commands need to be executed by the root user. For the system administrator, properly authorizing other users can reduce the burden of the system administrator. However,...

AI score 7.3
Exploits: 0 | References: 1

RedhatCVE
added 2025/09/21 7:25 p.m. | 12 views

CVE-2025-34197

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951, Application prior to 20.0.2368 (VA and SaaS deployments) contain an undocumented local user account named ubuntu with a preset password and a sudoers entry granting that account passwordless root privileges ubuntu...

CVSS 8.6 | AI score 6.8 | EPSS 0.00062
Exploits: 1 | References: 1

GithubExploit
added 2025/09/20 2:1 a.m. | 246 views

Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo

🚀 CVE-2025-32463 - Secure Your System from Privilege Escalatio...

CVSS 9.3 | AI score 7.3 | EPSS 0.57345
Exploits: 69

GithubExploit
added 2025/09/20 12:42 a.m. | 171 views

Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo

🛠️ CVE-2025-32463chwoot - Securely Handle Privileges in Linux...

CVSS 9.3 | AI score 8 | EPSS 0.57345
Exploits: 69

NVD
added 2025/09/19 7:15 p.m. | 2 views

CVE-2025-34197

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951, Application prior to 20.0.2368 (VA and SaaS deployments) contain an undocumented local user account named ubuntu with a preset password and a sudoers entry granting that account passwordless root privileges ubuntu...

CVSS 8.6 | EPSS 0.00062
Exploits: 1 | References: 4

OSV
added 2025/09/19 7:15 p.m. | 1 view

CVE-2025-34197

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951, Application prior to 20.0.2368 (VA and SaaS deployments) contain an undocumented local user account named ubuntu with a preset password and a sudoers entry granting that account passwordless root privileges ubuntu...

CVSS 7.8 | AI score 5.7 | EPSS 0.00062
Exploits: 1 | References: 4