Vulnerability intelligence

CVE-2025-32463 is a vulnerability that affects Sudo versions 1.9.14 to 1.9.17 inclusive. It allows a local user to gain root access. This is possible because the `/etc/nsswitch.conf` file from a user-controlled directory is used with the `--chroot` option. An attacker can exploit this vulnerability by using Sudo's `-R` or `--chroot` option to execute arbitrary commands as root, even if they are not listed in the `sudoers` file. The vulnerability was fixed in Sudo version 1.9.17p1.

CVE-2025-6554 is a type confusion vulnerability found in the V8 JavaScript engine, which is used in Chrome and other Chromium-based browsers. This vulnerability can be exploited by remote, unauthenticated attackers by serving crafted HTML pages to targeted users. If successful, the attacker can trick V8 into misinterpreting memory types, potentially leading to arbitrary read/write operations. In some scenarios, this could allow for full remote code execution. Google is aware that the vulnerability is being actively exploited in the wild. A security update has been released for Chrome to address this zero-day vulnerability. The vulnerability was discovered by Clément Lecigne of Google's Threat Analysis Group (TAG) on June 25, 2025.

CVE-2025-32462 affects Sudo versions before 1.9.17p1. When Sudo is used with a sudoers file that specifies a host that is neither the current host nor ALL, it allows listed users to execute commands on unintended machines. This vulnerability has existed since the implementation of the host option in Sudo v1.8.8, released in September 2013. The vulnerability can be exploited when Sudo rules are configured to restrict certain hostnames or hostname patterns. In such cases, privilege escalation to root may occur without requiring a specific exploit. To mitigate this vulnerability, it is recommended to install Sudo version 1.9.17p1 or later.

The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025.

The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025.

CVE-2025-6543 is a memory overflow vulnerability found in Citrix NetScaler ADC and NetScaler Gateway. It affects appliances configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. The vulnerability stems from improper restriction of operations within the bounds of a memory buffer. Successful exploitation of CVE-2025-6543 could lead to unintended control flow and a denial-of-service (DoS) condition. Exploits targeting this vulnerability have been observed in the wild, prompting Citrix to release security updates.