Linux at Risk: Critical Sudo Vulnerabilities Enable Root Access for Local Attackers


Security researchers have disclosed two vulnerabilities in Sudo, the command-line utility used on Linux and Unix-like systems to run commands as another user. One lets sudoers rules written for other hosts be used on the local machine; the other lets any local user gain root on an affected system.

A brief description of the two vulnerabilities follows:

CVE-2025-32462 (CVSS score: 2.8)
Affects Sudo 1.8.8 through 1.9.17 (fixed in 1.9.17p1). The flaw arises when a sudoers rule names a host that is neither the current host nor ALL. A user listed in such a rule could run the commands it grants on the local machine, not only on the host the rule was written for.

CVE-2025-32463 (CVSS score: 9.3)
Affects Sudo 1.9.14 through 1.9.17, the releases that ship the -R/--chroot option (fixed in 1.9.17p1). This critical vulnerability lets a local user gain root through --chroot: Sudo changes root into the user-supplied directory before it resolves the target user and command, so the name service switch reads /etc/nsswitch.conf from that directory and can be made to load a user-controlled shared library into the root-privileged Sudo process.

Sudo is a powerful command-line utility that enables low-privileged users to execute commands as another user – typically the superuser (root). Its primary purpose is to uphold the principle of least privilege, allowing users to perform specific administrative tasks without granting them full system-wide permissions.

The /etc/sudoers file is used to configure the Sudo command, defining who can execute which commands, as which users, and on which systems. It also controls additional settings, such as whether a password is required for specific commands.

Rich Mirch, the Stratascale researcher who discovered and reported both vulnerabilities, noted that CVE-2025-32462 went unnoticed for over 12 years. The issue stems from Sudo’s -h (host) option, added in September 2013 (Sudo 1.8.8) so that users could list their sudo privileges for a specified host. Under certain configurations it can unintentionally expose access meant for other systems.

Because of the flaw, the option was not confined to listing: a user could pass the name of another host with -h and run, on the local machine, the commands that the sudoers rule permitted only on that host, bypassing the per-host restriction the rule was meant to enforce.

According to Todd C. Miller, maintainer of the Sudo project, the flaw primarily affects environments where a shared sudoers file is deployed across multiple machines. He added that “sites using LDAP-based sudoers configurations, including SSSD, are also impacted.”

In contrast, CVE-2025-32463 is a critical-severity vulnerability in Sudo’s -R (--chroot) option. It allows local users to execute arbitrary commands as root even when the sudoers file grants them nothing, bypassing the configured policy entirely.

“The default Sudo configuration is vulnerable,” said Rich Mirch. “Although the issue involves the chroot feature, it doesn’t require any specific Sudo rules to be defined for the user. This means that any local, unprivileged user could potentially escalate privileges to root if a vulnerable version is installed.”

In essence, Sudo calls chroot() into the attacker-chosen directory and then performs name-service lookups (for example, to resolve the target user), so the C library reads /etc/nsswitch.conf from inside that directory. A crafted nsswitch.conf placed there names a service module that resolves to an attacker-supplied shared library, which is then loaded into the root-privileged Sudo process and can run arbitrary commands as root, bypassing the intended access restrictions.

Todd C. Miller noted that the chroot option will be removed entirely in a future release of Sudo, citing that allowing users to specify a custom root directory is “error-prone” and contributes to serious security risks.

Following responsible disclosure on April 1, 2025, both vulnerabilities were patched in Sudo version 1.9.17p1, which was released in late June. Given that Sudo is pre-installed on most Linux distributions, multiple vendors have issued security advisories to alert users and encourage prompt updates.
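The two conditions described above, an affected version and sudoers rules scoped to other hosts, can be checked with a small audit script. The following is an added example written for this article in POSIX shell; it is not code from the Sudo project, Stratascale or the original post. It classifies an upstream version string against the two CVEs using the ranges from the upstream advisories (1.8.8 through 1.9.17 for CVE-2025-32462, 1.9.14 through 1.9.17 for CVE-2025-32463, both fixed in 1.9.17p1), and scans a sudoers file for rules whose host field is neither ALL nor the local hostname, which is exactly the kind of rule CVE-2025-32462 turns into a local grant. The sudoers excerpt it checks is constructed for the example, and the function and variable names are the author's own assumptions.

```shell
#!/bin/sh
# Added audit helper (not from the Sudo project or the article). Version ranges
# are the upstream ones: CVE-2025-32462 affects 1.8.8..1.9.17 (the -h option
# landed in 1.8.8), CVE-2025-32463 affects 1.9.14..1.9.17 (the -R/--chroot
# option landed in 1.9.14); both are fixed in 1.9.17p1. Function names are
# this example's own.

# Turn "1.9.17p1" into a sortable integer (1.9.17p1 -> 1091701, 1.9.17 -> 1091700).
sudo_version_key() {
    v=$1
    base=${v%%p*}              # "1.9.17"
    p=${v#"$base"}; p=${p#p}   # "1" or ""
    old_ifs=$IFS; IFS=.; set -- $base; IFS=$old_ifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 10000 + ${3:-0} * 100 + ${p:-0} ))
}

# Print the CVEs an upstream version is exposed to, or "none".
sudo_cves_for_version() {
    k=$(sudo_version_key "$1")
    fixed=$(sudo_version_key 1.9.17p1)
    out=""
    if [ "$k" -ge "$(sudo_version_key 1.8.8)" ] && [ "$k" -lt "$fixed" ]; then
        out="CVE-2025-32462"
    fi
    if [ "$k" -ge "$(sudo_version_key 1.9.14)" ] && [ "$k" -lt "$fixed" ]; then
        out="${out:+$out }CVE-2025-32463"
    fi
    echo "${out:-none}"
}

# Print "user host" for every rule in $1 whose host field is neither ALL nor $2
# (this host's name). A host given as a Host_Alias is reported under the alias
# name so the admin can check whether it covers the local host. Only plain rule
# lines are parsed; Defaults, alias definitions, comments and include
# directives are skipped.
sudoers_foreign_host_rules() {
    file=$1; host=$2
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*|'@'*|Defaults*) continue ;;
            User_Alias*|Host_Alias*|Cmnd_Alias*|Runas_Alias*) continue ;;
            *=*) ;;
            *) continue ;;
        esac
        lhs=${line%%=*}        # "user host" part before the first '='
        set -- $lhs            # split into user and host spec
        [ $# -ge 2 ] || continue
        case $2 in
            ALL|"$host") ;;
            *) echo "$1 $2" ;;
        esac
    done < "$file"
}

# Constructed sample sudoers (demonstration only, not a real deployment).
make_sample_sudoers() {
    f=${TMPDIR:-/tmp}/sudoers_sample.$$
    cat > "$f" <<'EOF'
# shared sudoers pushed to every host in the fleet
Defaults env_reset
Host_Alias WEBSERVERS = www1, www2
root ALL=(ALL:ALL) ALL
%admin ALL = (ALL) ALL
alice WEBSERVERS = (root) /usr/bin/systemctl restart nginx
bob db01 = (postgres) /usr/bin/psql
carol build01 = NOPASSWD: /usr/bin/make
EOF
    echo "$f"
}

# Stand-alone run: "sh sudo_audit.sh --local" audits this machine.
if [ "${1:-}" = --local ]; then
    ver=""
    if command -v sudo >/dev/null 2>&1; then
        ver=$(sudo -V 2>/dev/null | sed -n '1s/^Sudo version //p')
    fi
    echo "installed sudo ${ver:-not found}: $(sudo_cves_for_version "${ver:-0}")"
    if [ -r /etc/sudoers ]; then
        sudoers_foreign_host_rules /etc/sudoers "$(hostname)"
    fi
fi
```

On the constructed sample, with the local host named db01, the scan reports alice's WEBSERVERS rule and carol's build01 rule: on an unpatched Sudo either user could invoke those commands locally with -h. One caveat: distribution packages backport fixes without changing the upstream version string, so on Debian, Ubuntu or RHEL the version check is only a first triage step and the vendor advisory or package changelog is the authority.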

Affected Distributions

Users are strongly advised to apply the latest security patches and ensure their Linux systems carry the most recent Sudo packages. Because distributions often backport fixes without changing the upstream version number, confirm the fix through the vendor advisory or package changelog rather than the version string alone.

Published July 5th, 2025 | Data Breach, Security Update, vulnerability

About the Author:

FirstHackersNews- Identifies Security
