Sudo Vulnerability in Chroot Mode Affects Local User Access
CVE-2025-32463

9.3 CRITICAL

Key Information:

CVE Published: 30 June 2025

Badges

🔥 Trending now · 📈 Trended · 📈 Score: 2,720 · 👾 Exploit Exists · 🟡 Public PoC · 📰 News Worthy

What is CVE-2025-32463?

CVE-2025-32463 is a significant vulnerability in Sudo, the utility widely used on Unix-like operating systems to let users run programs with the security privileges of another user, typically the superuser. The flaw lies in Sudo's chroot mode, which provides an isolated environment for executing commands. When the --chroot option is used, Sudo uses the /etc/nsswitch.conf file from a directory controlled by the user. This flaw allows local users to gain root access, bypassing essential security controls and compromising the integrity of the system.

The implications of this vulnerability are especially concerning for organizations that rely on Sudo for user management and privilege escalation. If exploited, it could lead to unauthorized administrative access, allowing malicious actors to manipulate system settings, access sensitive data, or even deploy further attacks within the network.

Potential Impact of CVE-2025-32463

  1. Unauthorized Root Access: Local users can exploit this vulnerability to achieve root privileges, enabling them to execute arbitrary commands with full administrative rights, potentially leading to severe security breaches.

  2. System Compromise: By gaining root access, an attacker can manipulate critical system files, install malicious software, or modify system configurations to maintain persistence and control over the compromised system.

  3. Data Leakage and Manipulation: The ability to operate with elevated privileges could result in unauthorized access to sensitive data, leading to data breaches, loss of confidentiality, and potential regulatory repercussions for organizations.

Affected Version(s)

Sudo 1.9.14 < 1.9.17p1
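
A version-range check for the range listed above, as an added example that is not part of the original page or the Sudo project: it parses the version string reported by `sudo -V` and classifies it as inside the range, at or past 1.9.17p1, or older than the range. The function names are hypothetical, and distribution packages that backport the fix can still report a version inside the range, so confirm the result against the vendor's advisory.

```sh
#!/bin/sh
# Added example (not from the original page): classify a sudo version string
# against the affected range listed above, 1.9.14 <= version < 1.9.17p1.
# Function names are hypothetical.

# Map "MAJOR.MINOR.PATCH[pN]" to one sortable integer, e.g. 1.9.17p1 -> 1009017001.
# Returns 1 for anything else (betas, release candidates, empty input).
sudo_ver_key() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+(p[0-9]+)?$' || return 1
    printf '%s\n' "$1" |
        awk -F'[.p]' '{ printf "%d%03d%03d%03d\n", $1, $2, $3, $4 }'
}

# Print one of: affected | fixed | older | unknown
sudo_chroot_cve_status() {
    key=$(sudo_ver_key "$1") || { echo unknown; return 0; }
    low=$(sudo_ver_key 1.9.14)
    fixed=$(sudo_ver_key 1.9.17p1)
    if [ "$key" -ge "$low" ] && [ "$key" -lt "$fixed" ]; then
        echo affected
    elif [ "$key" -ge "$fixed" ]; then
        echo fixed
    else
        echo older
    fi
}

# Report on the local binary when sudo is installed.
if command -v sudo >/dev/null 2>&1; then
    installed=$(sudo -V 2>/dev/null | sed -n '1s/^Sudo version //p')
    echo "sudo ${installed:-?}: $(sudo_chroot_cve_status "$installed")"
fi
```

A result of `older` only means the version is below the range this page lists; `unknown` covers pre-release or vendor-modified strings that need a manual look.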

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

News Articles

Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463) - Help Net Security

If you haven't recently updated the Sudo utility on your Linux box(es), you should do so now, to patch CVE-2025-32462 and CVE-2025-32463.

7 hours ago

Linux Sudo chroot Vulnerability Enables Hackers to Elevate Privileges to Root

A security vulnerability in the widely used Linux Sudo utility has been disclosed, allowing any local unprivileged user to escalate privileges.

13 hours ago

CVSS V3.1

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • 📈 Vulnerability started trending

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • 📰 First article discovered by CyberSecurityNews

  • Vulnerability published

  • Vulnerability Reserved
