⚠ Actively exploited

Added to CISA KEV on 2025-09-29. Federal agencies required to patch by 2025-10-20. Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable..

CVE-2025-32463

CWE-829 CWE-42717 documents15 sources

Severity

7.8HIGH

EPSS

38.5%

top 2.76%

CISA KEV

KEV

Added 2025-09-29

Due 2025-10-20

Exploit

PoC available

Public exploit / PoC exists

Affected products

Sudo Project Sudo Canonical Ubuntu Linux Debian Debian Linux +5 more

Timeline

PublishedJun 30

KEV addedSep 29

Latest updateSep 30

KEV dueOct 20

CISA Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 2.5 | Impact: 6.0

Affected Packages6 packages

▶CVEListV5sudo_project/sudo1.9.14 — 1.9.17p1

▶NVDsudo_project/sudo1.9.14 — 1.9.17+1

▶Debiansudo< 1.9.16p2-3+1

▶NVDopensuse/leap15.6

▶NVDsuse/linux_enterprise_desktop15

Also affects: Debian Linux 11.0, 12.0, 13.0, Linux Enterprise 12, Ubuntu Linux 22.04, 24.04, 24.10, 25.04, Enterprise Linux 10.0

🔴Vulnerability Details

CVEList

CVE-2025-32463: Sudo before 1↗2025-06-30

▶

GHSA

GHSA-695j-c63m-mvxc: Sudo before 1↗2025-06-30

▶

OSV

CVE-2025-32463: Sudo before 1↗2025-06-30

▶

OSV

sudo vulnerabilities↗2025-06-30

▶

VulnCheck

Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability↗2025

▶

💥Exploits & PoCs

Exploit-DB

Sudo chroot 1.9.17 - Local Privilege Escalation↗2025-07-08

▶

Nuclei

Sudo - Local Privilege Escalation via chroot

▶

🔍Detection Rules

Elastic

Potential CVE-2025-32463 Nsswitch File Creation↗

▶

Sigma

Linux Sudo Chroot Execution↗

▶

Elastic

Potential CVE-2025-32463 Sudo Chroot Execution Attempt↗

▶

📋Vendor Advisories

CISA

Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability↗2025-09-29

▶

Red Hat

sudo: LPE via chroot option↗2025-06-30

▶

Ubuntu

Sudo vulnerabilities↗2025-06-30

▶

Microsoft

Sudo before 1.9.17p1 allows local users to obtain root access↗2025-06-10

▶

Debian

CVE-2025-32463: sudo - Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswi...↗2025

▶

🕵️Threat Intelligence

Bleepingcomputer

CISA warns of critical Linux Sudo flaw exploited in attacks↗2025-09-30

▶