Sudo Vulnerability in Chroot Mode Affects Local User Access
CVE-2025-32463
Key Information:
- Vendor
Sudo Project
- Status
- Vendor
- CVE Published:
- 30 June 2025
Badges
What is CVE-2025-32463?
CVE-2025-32463 is a significant vulnerability found in the Sudo software, which is widely utilized in Unix-like operating systems to allow users to run programs with the security privileges of another user, typically the superuser. This particular flaw is associated with the software's chroot mode, which provides an isolated environment for executing commands. The vulnerability arises from the improper handling of the /etc/nsswitch.conf
file sourced from a directory controlled by the user when using the --chroot
option. This misconfiguration can inadvertently permit local users to gain root access, thereby bypassing essential security controls and compromising the integrity of the system.
The implications of this vulnerability are especially concerning for organizations that rely on Sudo for user management and privilege escalation. If exploited, it could lead to unauthorized administrative access, allowing malicious actors to manipulate system settings, access sensitive data, or even deploy further attacks within the network.
Potential Impact of CVE-2025-32463
-
Unauthorized Root Access: Local users can exploit this vulnerability to achieve root privileges, enabling them to execute arbitrary commands with full administrative rights, potentially leading to severe security breaches.
-
System Compromise: By gaining root access, an attacker can manipulate critical system files, install malicious software, or modify system configurations to maintain persistence and control over the compromised system.
-
Data Leakage and Manipulation: The ability to operate with elevated privileges could result in unauthorized access to sensitive data, leading to data breaches, loss of confidentiality, and potential regulatory repercussions for organizations.
Affected Version(s)
Sudo 1.9.14 < 1.9.17p1
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463) - Help Net Security
If you haven't recently updated the Sudo utility on your Linux box(es), you should do so now, to patch CVE-2025-32462 and CVE-2025-32463.
7 hours ago

Linux Sudo chroot Vulnerability Enables Hackers to Elevate Privileges to Root
A security vulnerability in the widely used Linux Sudo utility has been disclosed, allowing any local unprivileged user to escalate privileges.Β
13 hours ago
References
CVSS V3.1
Timeline
- π
Vulnerability started trending
- π‘
Public PoC available
- πΎ
Exploit known to exist
- π°
First article discovered by CyberSecurityNews
Vulnerability published
Vulnerability Reserved