CVE-2025-46718

Summary: CVE-2025-46718 affects the Rust implementation of sudo-rs prior to 0.2.6. A limited sudo privilege (e.g., allowing a single command) can be exploited to enumerate the sudoers file using the -U flag, exposing sensitive information about other users’ permissions. This is a local attack wit...

CVE-2025-46717

CVE-2025-46717 affects sudo-rs (Rust) prior to v0.2.6. The issue lets low-privilege, local users determine the existence/non-existence of files in directories they cannot access via sudo --list , causing information disclosure. The problem is fixed in v0.2.6; advisories from Fedora (and other sou...