FreeBSD: VID-bf6c9252-c2ec-11f0-8372-98b78501ef2a (CVE-2025-64517): sudo-rs -- Authenticating user not recorded properly in timestamp
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:L/AC:L/Au:M/C:N/I:C/A:N) | Nov 16, 2025 | Dec 10, 2025 | Dec 10, 2025 |
Description
Trifecta Tech Foundation reports: With Defaults targetpw (or Defaults rootpw) enabled, the password of the target account (or root account) instead of the invoking user is used for authentication. sudo-rs prior to 0.2.10 incorrectly recorded the invoking user’s UID instead of the authenticated-as user's UID in the authentication timestamp. Any later sudo invocation on the same terminal while the timestamp was still valid would use that timestamp, potentially bypassing new authentication even if the policy would have required it.
Solutions
- freebsd-upgrade-package-sudo-rs
- freebsd-upgrade-package-sudo-rs-coexist
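
An exposure check for the condition in the description, as an added example that is not part of the advisory or of sudo-rs: a host is flagged when the sudo-rs version is below 0.2.10 and a Defaults line enables targetpw or rootpw. The sudoers sample is constructed, and dropping a FreeBSD port revision or epoch suffix before comparing versions is an assumption.

```python
import re

FIXED = (0, 2, 10)              # first fixed sudo-rs release, per the advisory
RISKY = {"targetpw", "rootpw"}  # the two Defaults flags the advisory names


def parse_version(text):
    """'0.2.9_1' or '0.2.9,1' -> (0, 2, 9). Assumption: suffix is ignored."""
    core = re.split(r"[_,]", text.strip(), maxsplit=1)[0]
    return tuple(int(part) for part in core.split("."))


def enabled_flags(sudoers_text):
    """Return which of targetpw/rootpw are left enabled by Defaults lines."""
    state = {}
    for raw in sudoers_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        m = re.match(r"Defaults(\S*)\s+(.*)", line)
        if not m:
            continue
        # Scoped forms (Defaults:alice ...) are treated like global ones,
        # which errs on the side of reporting exposure.
        for item in m.group(2).split(","):
            item = item.strip()
            name = item.lstrip("!").split("=", 1)[0].strip()
            if name in RISKY:
                state[name] = not item.startswith("!")  # later lines win
    return {name for name, on in state.items() if on}


def exposed(version, sudoers_text):
    """(is_exposed, enabled_flags) for one host's version and sudoers text."""
    flags = enabled_flags(sudoers_text)
    return parse_version(version) < FIXED and bool(flags), sorted(flags)


# Constructed sudoers content, not taken from any real host.
SAMPLE = """\
Defaults env_reset, timestamp_timeout=5
Defaults !rootpw
Defaults targetpw   # ask for the target user's password
%wheel ALL=(ALL:ALL) ALL
"""

if __name__ == "__main__":
    print(exposed("0.2.9", SAMPLE))
    print(exposed("0.2.10", SAMPLE))
```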