CVE-2025-32462: 
Alma Linux vulnerability analysis and mitigation

CVE-2025-32462 affects Sudo versions 1.8.8 to 1.9.17, where a vulnerability in the host (-h or --host) option allows listed users to execute commands on unintended machines. The vulnerability was discovered and disclosed on June 30, 2025, affecting systems that use Sudo for privilege escalation (Sudo Advisory, Ubuntu Security).

The vulnerability stems from a bug in Sudo's host option (-h or --host), which was intended to be used only with the list option (-l or --list) to display user privileges on other hosts. However, the restriction was not properly implemented, allowing the option to be used when running commands via sudo or editing files with sudoedit. The vulnerability has been assigned a CVSS v3.1 base score of 2.8 (LOW) with the vector string CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N (NVD Database).

The vulnerability primarily affects systems that share a single sudoers configuration file across multiple computers or use network-based sudoers configurations. For example, if a sudoers rule specifies 'alice cerebus = ALL', user alice could execute 'sudo -h cerebus id' on any host, not just cerebus, effectively bypassing host-based access restrictions (Openwall Advisory).

The vulnerability has been fixed in Sudo version 1.9.17p1. System administrators are advised to upgrade to this version or later. Ubuntu has released security updates for all affected versions, including ESM coverage for older releases through Ubuntu Pro (Ubuntu Security).