CVE-2025-32463

CVSS v3.1

9.3

Critical

Vector

AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Sudo versions prior to 1.9.17p1

Description An issue exists where local users can obtain root access by exploiting the --chroot (or -R) option. The flaw allows an attacker to place a malicious nsswitch.conf configuration file within a user-controlled directory, which is then used by the system when the chroot option is invoked. This enables the execution of arbitrary commands as root, bypassing the permissions typically enforced by the sudoers file. This issue has been reported as actively exploited in the wild.

Recommendations Upgrade Sudo to version 1.9.17p1 or later. As a temporary containment measure, remove the SUID bit from /usr/bin/sudo to prevent privilege elevation.

Exploit

Fix

LPE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-829

Related Identifiers

ALSA-2025:11537

ALSA-2025_10110

ALSA-2025_9978

ALT-PU-2025-8812

ALT-PU-2025-8851

ALT-PU-2025-8863

AZL-64458

AZL-64464

BDU:2025-07765

CVE-2025-32463

MGASA-2025-0213

OESA-2025-1735

OESA-2025-1736

OESA-2025-1759

OPENSUSE-SU-2025:15298-1

RHSA-2025:11537

ROSA-SA-2025-2905

SUSE-SU-2025:02177-1

SUSE-SU-2025:20478-1

SUSE-SU-2025:20489-1

SUSE-SU-2025_02177-1

USN-7604-1

Affected Products

Alt Linux

Linuxmint

Red Os

Sudo

Suse

Ubuntu

CVE-2025-32463

Weakness Enumeration

Related Identifiers

Affected Products

References · 336