Sudo Vulnerability in Chroot Mode Affects Local User Access
CVE-2025-32463
Key Information:
- Vendor: Sudo Project
- CVE Published: 30 June 2025
What is CVE-2025-32463?
CVE-2025-32463 is a significant vulnerability in Sudo, the software widely used on Unix-like operating systems to let users run programs with the security privileges of another user, typically the superuser. The flaw is in Sudo's chroot mode, which runs commands against an alternate root directory. When the --chroot option is used, Sudo reads the /etc/nsswitch.conf file from a directory controlled by the user. This lets local users gain root access, bypassing essential security controls and compromising the integrity of the system.
The implications of this vulnerability are especially concerning for organizations that rely on Sudo for user management and privilege escalation. If exploited, it could lead to unauthorized administrative access, allowing malicious actors to manipulate system settings, access sensitive data, or even deploy further attacks within the network.
Potential Impact of CVE-2025-32463
- Unauthorized Root Access: Local users can exploit this vulnerability to achieve root privileges, enabling them to execute arbitrary commands with full administrative rights, potentially leading to severe security breaches.
- System Compromise: By gaining root access, an attacker can manipulate critical system files, install malicious software, or modify system configurations to maintain persistence and control over the compromised system.
- Data Leakage and Manipulation: The ability to operate with elevated privileges could result in unauthorized access to sensitive data, leading to data breaches, loss of confidentiality, and potential regulatory repercussions for organizations.
CISA has reported CVE-2025-32463
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2025-32463 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.
CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Sudo 1.9.14 < 1.9.17p1
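To triage hosts against this range, the following added example (not code from the Sudo Project or from this page) classifies a sudo version string as inside or outside 1.9.14 up to, but not including, 1.9.17p1. The function names and the sample version strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare sudo version strings with the affected range
# listed above (1.9.14 <= version < 1.9.17p1).

# ver_num VERSION: print one sortable integer for N.N.N or N.N.NpN.
# Fails on any other form (for example beta builds).
# Assumption: every numeric component is below 1000.
ver_num() {
    printf '%s\n' "$1" | awk '
        /^[0-9]+\.[0-9]+\.[0-9]+(p[0-9]+)?$/ {
            n = split($0, f, /[.p]/)
            printf "%d\n", ((f[1] * 1000 + f[2]) * 1000 + f[3]) * 1000 + (n > 3 ? f[4] : 0)
            ok = 1
        }
        END { exit (ok ? 0 : 1) }'
}

# sudo_chroot_cve_status VERSION: print affected, outside-range or unknown.
sudo_chroot_cve_status() {
    v=$(ver_num "$1") || { echo unknown; return 0; }
    lo=$(ver_num 1.9.14)
    hi=$(ver_num 1.9.17p1)
    if [ "$v" -ge "$lo" ] && [ "$v" -lt "$hi" ]; then
        echo affected
    else
        echo outside-range
    fi
}

# installed_sudo_version: version string from the first line of `sudo -V`.
installed_sudo_version() {
    sudo -V 2>/dev/null | sed -n '1s/^Sudo version //p'
}

# Constructed sample inventory, so the script runs without sudo installed.
for sample in 1.9.13p3 1.9.14 1.9.15p5 1.9.17 1.9.17p1 1.9.17b2; do
    printf '%-10s %s\n' "$sample" "$(sudo_chroot_cve_status "$sample")"
done
```

On a live host, `sudo_chroot_cve_status "$(installed_sudo_version)"` gives the same classification. Distribution packages can carry a backported fix without changing the upstream version string, so confirm an `affected` result against the vendor's advisory for the installed package.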
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
CISA warns of critical Linux Sudo flaw exploited in attacks
Hackers are actively exploiting a critical vulnerability (CVE-2025-32463) in the sudo package that enables the execution of commands with root-level privileges on Linux operating systems.

CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems
CISA adds critical Sudo flaw CVE-2025-32463 and four other exploited vulnerabilities to KEV list.
Two bugs for Linux Sudo utility patched, one rated critical
Teams told to patch both because each bug could let attackers fully take over an enterprise system.
EPSS Score
23% chance of being exploited in the next 30 days.
Timeline
- CISA Reported
- Vulnerability reached the number 1 worldwide trending spot
- Vulnerability started trending
- Public PoC available
- Exploit known to exist
- First article discovered by CyberSecurityNews
- Vulnerability published
- Vulnerability Reserved