CVE-2025-64170
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-12

Last updated on: 2025-11-12

Assigner: GitHub, Inc.

Description
sudo-rs is a memory safe implementation of sudo and su written in Rust. Starting in version 0.2.7 and prior to version 0.2.10, if a user begins entering a password but does not press return for an extended period, a password timeout may occur. When this happens, the keystrokes that were entered are echoed back to the console. This could reveal partial password information, possibly exposing history files when not carefully handled by the user and on screen, usable for Social Engineering or Pass-By attacks. Version 0.2.10 fixes the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-12
Last Modified
2025-11-12
Generated
2026-06-16
AI Q&A
2025-11-13
EPSS Evaluated
2026-06-15
NVD
CVE-2025-64170
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
github sudo-rs 0.2.10
github sudo-rs 0.2.7
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-549 The product does not mask passwords during entry, increasing the potential for attackers to observe and capture passwords.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs in sudo-rs versions 0.2.7 to before 0.2.10, where if a user starts typing a password but does not press return for a long time, a password timeout triggers. When this happens, the keystrokes entered so far are echoed back to the console, potentially revealing partial password information. This exposure could lead to password leakage through screen observation or history files if not carefully handled.

Impact Analysis

The vulnerability can expose partial password information to anyone who can see the console or access history files, increasing the risk of password compromise. This could enable attackers to use social engineering or pass-by attacks to gain unauthorized access.

Mitigation Strategies

Upgrade sudo-rs to version 0.2.10 or later, as this version fixes the password timeout issue that causes keystrokes to be echoed back to the console. Until the upgrade, avoid leaving password prompts open without pressing return to prevent partial password exposure.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-64170. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart