Critical Sudo Privilege Escalation Flaws Patched (CVE-2025-32462, CVE-2025-32463)
▼ Summary
– Update Sudo immediately to patch two local privilege escalation vulnerabilities (CVE-2025-32462, CVE-2025-32463) disclosed recently.
– Sudo is a Unix utility allowing low-privilege users to execute commands as root after authentication, without logging in as root.
– CVE-2025-32462 is a low-severity flaw in Sudo’s host option, exploitable under specific configurations to escalate privileges without an exploit.
– CVE-2025-32463 is a critical flaw in Sudo’s chroot option, allowing attackers to gain root access by manipulating shared library paths.
– Both vulnerabilities are fixed in Sudo version 1.9.17p1, with updates already available for Ubuntu, Debian, and SUSE.
Linux administrators should immediately update their systems to patch two newly discovered privilege escalation vulnerabilities in the Sudo utility (CVE-2025-32462 and CVE-2025-32463). These security flaws could allow local attackers to gain root access under specific conditions, posing significant risks to unpatched systems.
Sudo, short for “superuser do,” is a fundamental component in Unix-like operating systems that enables authorized users to execute commands with elevated privileges. Instead of logging in as root, users authenticate with their own credentials, and if permitted by the system’s sudoers configuration, they can temporarily run administrative commands.
Understanding the Vulnerabilities
Discovered by Rich Mirch from the Stratascale Cyber Research Unit, these flaws affect multiple Sudo versions:
- CVE-2025-32462 – A low-severity privilege escalation bug in the host option (`-h` or `–host`). This issue, present for over a decade, allows users to bypass intended restrictions when listing privileges on remote hosts. Under certain configurations, attackers could exploit this to execute unauthorized commands without needing complex exploits. The vulnerability impacts stable versions (1.9.0–1.9.17) and legacy releases (1.8.8–1.8.32).
- CVE-2025-32463 – A critical flaw in the chroot option (`-R` or `–chroot`), introduced in Sudo 1.9.14. Attackers can manipulate the utility into loading malicious shared libraries by placing a crafted `/etc/nsswitch.conf` file in a user-controlled directory. Successful exploitation grants full root access. This affects versions 1.9.14 through 1.9.17, while older releases remain unaffected due to lacking the chroot feature.
Affected Systems and Mitigation
Stratascale confirmed that these vulnerabilities can be exploited on Ubuntu, Fedora, and macOS Sequoia, among other Unix-based systems. The fixes were rolled out in Sudo 1.9.17p1, released in early June 2025. Major Linux distributions, including Debian, Ubuntu, and SUSE, have already issued updated packages.
Administrators should prioritize updating Sudo to the latest version. Those unable to patch immediately should review sudoers configurations to minimize exposure, particularly by restricting hostname-based rules and monitoring for unusual activity.
For real-time alerts on critical vulnerabilities and security threats, consider subscribing to cybersecurity bulletins. Staying informed ensures timely responses to emerging risks.
(Source: HelpNet Security)
