Critical Vulnerability Information Vulnerability Title Low Privilege Users Can Discover the Existence of Files in Inaccessible Folders Affected Versions Affected versions: <= 0.2.5 Patched versions: 0.2.6 Vulnerability Description Summary: Users without (or with very limited) sudo privileges can use the command to determine whether a file exists in folders they cannot access. Severity Severity: Low (3.3/10) CVSS v3 base metrics: - Attack vector: Local - Attack complexity: Low - Privileges required: Low - User interaction: None - Scope: Unchanged - Confidentiality: Low - Integrity: None - Availability: None Vulnerability ID CVE ID: CVE-2025-46717 Weaknesses Weaknesses: CWE-497 Related Information Original sudo: The original sudo (tested vulnerable version: 1.9.15p5) exhibits similar behavior for files with the executable bit set. Impact Impact: Local users can discover the existence or non-existence of certain files, potentially revealing sensitive information in filenames. This information can also be combined with other attacks. Credits Credits: This issue was discovered by Marc Schoolderman, a sudo-rs developer.