I started using Linux prior to the advent of sudo. Back then, any time I needed to run admin tasks, I had to first su to the root user, run the task, and then exit the root user. Because root was enabled, some users would simply log in as root and forgo a standard user account altogether. That's a security risk no one should take.
CVE-2025-32462 has received a lower CVSS score due to the conditions that are needed. Namely, successful execution would require someone to make a misconfiguration and deploy a Sudoers file with an incorrect host for this vulnerability to work.
CVE-2025-32462 allows listed users to execute commands on unintended machines due to a flaw with the sudoers file, enabling privilege escalation on susceptible setups.