CVE-2025-64170
BaseFortify
Publication date: 2025-11-12
Last updated on: 2025-11-12
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Affected Version Range |
|---|---|---|
| github | sudo-rs | 0.2.7 up to, but not including, 0.2.10 (fixed in 0.2.10) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-549 | The product does not mask passwords during entry, increasing the potential for attackers to observe and capture passwords. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects sudo-rs versions 0.2.7 up to, but not including, 0.2.10. If a user starts typing a password at the sudo-rs prompt but does not press Enter before the password timeout expires, the timeout handling echoes the keystrokes entered so far back to the terminal. Whatever was typed up to that point, which may be most or all of the password, then appears on screen in plain text and remains wherever that session's output is retained: terminal scrollback, session recordings or terminal logs, and possibly shell history files.
How can this vulnerability impact me?
Anyone who can see the terminal, a screen share or a session recording, or who can read the files that retain the session, can learn part or all of the password. Even a partial password drastically shrinks the space an attacker has to guess, and a shoulder-surfer or someone reviewing a recorded session gets it for free. The end result is a compromised account password and, through sudo, whatever that account is permitted to do.
What immediate steps should I take to mitigate this vulnerability?
Upgrade sudo-rs to version 0.2.10 or later; that release fixes the timeout handling so that pending keystrokes are no longer echoed to the terminal. Check what is installed with `sudo --version`. Until the upgrade is in place, do not leave a sudo-rs password prompt sitting half-typed: either finish entering the password or cancel the prompt with Ctrl-C. If a timeout has already echoed characters, clear the terminal scrollback and treat that password as exposed and change it.
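As an added example, not text from this page and not sudo-rs's own code, the following Python script does two things a practitioner wants here: it checks whether the installed `sudo` reports a sudo-rs version inside the affected range, and it shows the behaviour a password prompt needs on timeout, namely wiping what was typed and flushing unread input before echo is restored, instead of echoing it. The version bounds come from this page; the exact `sudo --version` output format it parses ("sudo-rs <major>.<minor>.<patch>"), the prompt string and the timeout value are assumptions.

```python
import os
import re
import select
import sys
import time

# Affected range as stated on this page: 0.2.7 up to, but not including, 0.2.10.
FIRST_AFFECTED = (0, 2, 7)
FIXED_IN = (0, 2, 10)

# Assumption: sudo-rs prints a line containing "sudo-rs <major>.<minor>.<patch>"
# for `sudo --version`. The C sudo prints "Sudo version 1.9.x" and is not matched.
_VERSION_RE = re.compile(r"\bsudo-rs\b\s*(?:version\s+)?v?(\d+)\.(\d+)\.(\d+)")


def parse_sudo_rs_version(version_output):
    """Return (major, minor, patch) from `sudo --version` output, or None if
    the output does not come from sudo-rs."""
    m = _VERSION_RE.search(version_output)
    if m is None:
        return None
    return tuple(int(part) for part in m.groups())


def is_affected(version_output):
    """True when the reported sudo-rs version lies in [0.2.7, 0.2.10)."""
    v = parse_sudo_rs_version(version_output)
    return v is not None and FIRST_AFFECTED <= v < FIXED_IN


def read_password_without_echo(timeout_s, fd=None):
    """Prompt for a password on a tty with echo off.

    Returns the password, or None if the timeout expires first. The point is
    the timeout path: the partial password is wiped and unread bytes are
    flushed *before* the terminal goes back into echo mode, so nothing typed
    can appear on screen (the CWE-549 failure mode of this CVE).
    """
    import termios  # POSIX only; imported here so the version check works anywhere

    if fd is None:
        fd = sys.stdin.fileno()
    saved = termios.tcgetattr(fd)
    quiet = termios.tcgetattr(fd)
    quiet[3] &= ~(termios.ECHO | termios.ICANON)  # lflag: no echo, byte-at-a-time
    buf = bytearray()
    sys.stdout.write("[sudo] password: ")  # assumed prompt string
    sys.stdout.flush()
    try:
        termios.tcsetattr(fd, termios.TCSANOW, quiet)
        deadline = time.monotonic() + timeout_s
        while True:
            remaining = deadline - time.monotonic()
            if remaining <= 0:
                for i in range(len(buf)):
                    buf[i] = 0                            # wipe partial password
                termios.tcflush(fd, termios.TCIFLUSH)     # drop unread keystrokes
                return None
            ready, _, _ = select.select([fd], [], [], remaining)
            if not ready:
                continue
            ch = os.read(fd, 1)
            if ch == b"":                                 # EOF on the tty
                return None
            if ch in (b"\n", b"\r"):
                return bytes(buf).decode("utf-8", errors="replace")
            if ch in (b"\x7f", b"\x08"):                  # backspace / delete
                del buf[-1:]
            else:
                buf += ch
    finally:
        # TCSAFLUSH also discards input not yet read, so keystrokes typed during
        # the prompt are never handed to the shell once echo is back on.
        termios.tcsetattr(fd, termios.TCSAFLUSH, saved)
        sys.stdout.write("\n")
        sys.stdout.flush()


if __name__ == "__main__":
    import subprocess
    try:
        out = subprocess.run(["sudo", "--version"], capture_output=True,
                             text=True, check=False).stdout
    except FileNotFoundError:
        out = ""
    first = out.splitlines()[0] if out else "(sudo not found)"
    print(first, "->", "AFFECTED" if is_affected(out) else "not affected or not sudo-rs")
    if sys.stdin.isatty():
        pw = read_password_without_echo(timeout_s=10.0)  # assumed timeout
        print("timed out; nothing was echoed" if pw is None else f"read {len(pw)} characters")
```

Run it on a host to classify the installed sudo; on a tty it then demonstrates the prompt: type a few characters, wait out the timeout, and observe that nothing is printed back and nothing leaks into the shell's input. The design choice worth copying is ordering: flush and wipe while echo is still off, and restore the terminal with TCSAFLUSH rather than TCSANOW so the restore itself cannot replay buffered input.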