Sudo Vulnerability in Chroot Mode Affects Local User Access
CVE-2025-32463

9.3CRITICAL

Key Information:

Vendor

Sudo Project

Status
Sudo
Vendor
CVE Published:
30 June 2025

Badges

🥇 Trended No. 1📈 Trended📈 Score: 5,290👾 Exploit Exists🟡 Public PoC📰 News Worthy

What is CVE-2025-32463?

CVE-2025-32463 is a significant vulnerability found in the Sudo software, which is widely utilized in Unix-like operating systems to allow users to run programs with the security privileges of another user, typically the superuser. This particular flaw is associated with the software's chroot mode, which provides an isolated environment for executing commands. The vulnerability arises from the improper handling of the /etc/nsswitch.conf file sourced from a directory controlled by the user when using the --chroot option. This misconfiguration can inadvertently permit local users to gain root access, thereby bypassing essential security controls and compromising the integrity of the system.

The implications of this vulnerability are especially concerning for organizations that rely on Sudo for user management and privilege escalation. If exploited, it could lead to unauthorized administrative access, allowing malicious actors to manipulate system settings, access sensitive data, or even deploy further attacks within the network.

Potential Impact of CVE-2025-32463

  1. Unauthorized Root Access: Local users can exploit this vulnerability to achieve root privileges, enabling them to execute arbitrary commands with full administrative rights, potentially leading to severe security breaches.

  2. System Compromise: By gaining root access, an attacker can manipulate critical system files, install malicious software, or modify system configurations to maintain persistence and control over the compromised system.

  3. Data Leakage and Manipulation: The ability to operate with elevated privileges could result in unauthorized access to sensitive data, leading to data breaches, loss of confidentiality, and potential regulatory repercussions for organizations.

Affected Version(s)

Sudo 1.9.14 < 1.9.17p1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-32463-POC
Created by K1tt3h

CVE-2025-32463
Created by MohamedKarrab

CVE-2025-32463_chwoot
Created by pr0v3rbs

News Articles

favicon imageHelp Net Security

Week in review: Sudo local privilege escalation flaws fixed, Google patches actively exploited Chrome - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Sudo local privilege escalation vulnerabilities fixed

2 weeks ago

favicon imageThe Hacker News

Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros

Two critical vulnerabilities in Sudo command-line tool allow privilege escalation for local attackers on Linux systems

2 weeks ago

favicon imageCyberWire

Critical sudo flaw allows Linux users to gain root privileges.

Cisco patches maximum-severity flaw in Unified Communications Manager. Hunters International shuts down operations.

2 weeks ago

References

https://www.sudo.ws/security/advisories/
https://www.sudo.ws/releases/changelog/
https://www.stratascale.com/vulnerability-alert-CVE-2025-...

CVSS V3.1

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • 🥇

    Vulnerability reached the number 1 worldwide trending spot

  • 📈

    Vulnerability started trending

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by CyberSecurityNews

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-32463 : Sudo Vulnerability in Chroot Mode Affects Local User Access