CVE-2025-32462

Published Jun 30, 2025

Last updated 8 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-32462 affects Sudo versions before 1.9.17p1. When Sudo is used with a sudoers file that specifies a host that is neither the current host nor ALL, it allows listed users to execute commands on unintended machines. This vulnerability has existed since the implementation of the host option in Sudo v1.8.8, released in September 2013. The vulnerability can be exploited when Sudo rules are configured to restrict certain hostnames or hostname patterns. In such cases, privilege escalation to root may occur without requiring a specific exploit. To mitigate this vulnerability, it is recommended to install Sudo version 1.9.17p1 or later.

Description: Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.
Source: cve@mitre.org
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 2.8
Impact score: 1.4
Exploitability score: 1.1
Vector string: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
Severity: LOW

Weaknesses

cve@mitre.org
CWE-863

Social media

Hype score: Not currently trending
  1. [1day1line] CVE-2025-32462: Elevation of Privilege via the host Option in sudo https://t.co/hivGQBVGQx Today’s 1day1line follows up on the previous chroot issue. It's another vulnerability in sudo, this time involving the host option. While no separate exploit is required, th

    @hackyboiz

    16 Jul 2025

    1287 Impressions

    2 Retweets

    19 Likes

    7 Bookmarks

    0 Replies

    0 Quotes

  2. Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463) https://t.co/2424MrGTM7

    @linuxtoday

    14 Jul 2025

    3294 Impressions

    7 Retweets

    34 Likes

    2 Bookmarks

    1 Reply

    0 Quotes

  3. CVE-2025-32462 in Sudo affected setups with distributed sudoers files; running sudo on an unlisted host made it possible to run commands permitted on another host locally, escalating privileges to root without restriction.

    @hashtagsec

    11 Jul 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. sudo's latest "trick": when chroot and nsswitch conspire against you (cve-2025-32462) https://t.co/NBXVWcM9cv

    @sredevopsorg

    10 Jul 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2025-32462: sudo: LPE via host option https://t.co/Wyjn7Gc6eY

    @_r_netsec

    10 Jul 2025

    32 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Critical Sudo bugs expose major Linux distros to local Root exploits Two critical Sudo vulnerabilities (CVE-2025-32462 and CVE-2025-32463) allow local users to escalate privileges to root on Linux systems. CVE-2025-32462 misuses the "--host" option, enabling users to run

    @dCypherIO

    7 Jul 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. CVE-2025-32462 & CVE-2025-32463 are local privilege escalation flaws in Sudo. CVE-32463 (CVSS 9.3) allows any user to gain root using --chroot and a crafted /etc/nsswitch.conf. Default installs are affected. Patch to Sudo 1.9.17p1 now. #Sudo #CVE2025 #Linux https://t.co/I

    @CloneSystemsInc

    7 Jul 2025

    59 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 🚨 Two critical #Sudo flaws (CVE-2025-32462 & CVE-2025-32463) allow local users to gain root on Linux systems. 🛡️ Update to v1.9.17p1 ⚠️ Shared sudoers configs = vulnerable 🔎 Exploits via host & chroot options Patch fast. Stay sharp. #CyberSecurity #Linux h

    @Samuel257196756

    7 Jul 2025

    69 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 🔐New critical flaw in Sudo (CVE-2025-32462): a vulnerability more than 10 years old lets an ordinary local user obtain root access, even on well-configured systems. 👉https://t.co/XC0uM4dDFo

    @Astuces_IT

    4 Jul 2025

    11 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  10. ⚠️ Two critical flaws in sudo threaten the security of Linux machines The vulnerabilities CVE-2025-32462 and CVE-2025-32463 allow local privilege escalation, exploiting the very way sudo works ➡️ https://t.co/DNggJLD99H #Linux https://

    @ITConnect_fr

    4 Jul 2025

    658 Impressions

    2 Retweets

    9 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  11. 📌 Cybersecurity research has revealed two vulnerabilities in the Sudo tool for Linux and Unix operating systems that allow local attackers to escalate their privileges to root on affected systems. The vulnerabilities include C

    @Cybercachear

    4 Jul 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. CVE-2025-32462: sudo: LPE via host option https://t.co/Wyjn7Gc6eY

    @_r_netsec

    4 Jul 2025

    782 Impressions

    0 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  13. 🚨 12-Year-Old Sudo Linux Vulnerability Enables Privilege Escalation to Root User Read more: https://t.co/cyUISoHPuy ✅ 12-Year-Old Vulnerability, CVE-2025-32462 in Sudo's -h option has allowed root escalation since 2013. ✅ Affects Sudo versions 1.8.8-1.9.17 across Linux/

    @The_Cyber_News

    3 Jul 2025

    779 Impressions

    5 Retweets

    14 Likes

    5 Bookmarks

    0 Replies

    0 Quotes

  14. 🚨 CRITICAL: Two Sudo vulnerabilities (CVE-2025-32462 & CVE-2025-32463) allow ANY local user to gain root access on Linux systems. Millions of servers at risk. One flaw hid undetected for 12 YEARS. Patch to 1.9.17p1 NOW. https://t.co/GFh7BduBUm #InfoSec #Linux #CyberSecuri

    @cyberkendra

    3 Jul 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. CVE-2025-32462: Sudo host option elevation of privilege vulnerability https://t.co/Dy0hZWCDTX https://t.co/Kx9ro2wfO2

    @freedomhack101

    2 Jul 2025

    80 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  16. ⚠️Google releases security update for Chrome zero-day vulnerability CVE-2025-6554 🔨Local privilege escalation vulnerabilities in the Linux command "sudo" are fixed (CVE-2025-32462, CVE-2025-32463) ~ Cyber Alert

    @MachinaRecord

    2 Jul 2025

    113 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Unpopular opinion: CVE-2025-32462 (#sudo recent LEoP) is not critical. Risk: High (based on CVSS 4.0 scoring) Attacker Value: Medium Exploitability: Low https://t.co/CeadbAgOiz https://t.co/841gpnjYnP

    @noraj_rawsec

    1 Jul 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  18. 🚨 CVE-2025-32462: Sudo --host option lets attackers escalate to root on SUSE Linux (CVSS 7.3). Patch guide for openSUSE/SLE: ▶️ Affected versions ▶️ zypper patch commands ▶️ Verification Read more: 👉 https://t.co/qM5pWm0jWM #InfoSec #SysAdmin https://t.co/13TU

    @Cezar_H_Linux

    1 Jul 2025

    58 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. 🚨 Breaking: CVE-2025-32462 in Sudo (CVSS 7.3) lets attackers escalate privileges via --host. Patch IMMEDIATELY if using: @openSUSE Leap 15.4 @SUSELinuxEnterprise 15 SP4 SUSE Manager 4.3 Read more: 👉https://t.co/1YHkzDAOQr https://t.co/oPPIhOae

    @Cezar_H_Linux

    1 Jul 2025

    52 Impressions

    1 Retweet

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  20. 🔐 Critical sudo vulnerability (CVE-2025-32462) patched!* CVSS 7.3 – allows local attackers to gain root. Patch SUSE 12 SP5 NOW: Read more: 👉 https://t.co/DJa8eQOBz8 #InfoSec #DevOps https://t.co/tYkPsgoApA

    @Cezar_H_Linux

    1 Jul 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463) https://t.co/yOg3nsZOap #HelpNetSecurity #Cybersecurity https://t.co/6AxLVFl5OZ

    @PoseidonTPA

    1 Jul 2025

    84 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463) https://t.co/rgS4Kk6HWz

    @TheCyberSecHub

    1 Jul 2025

    2027 Impressions

    6 Retweets

    12 Likes

    3 Bookmarks

    0 Replies

    1 Quote

  23. Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463) https://t.co/BAnFds6cr8 https://t.co/NjgKeTHT4n

    @evanderburg

    1 Jul 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. CVE-2025-32462 – Sudo host Option Elevation of Privilege Vulnerability https://t.co/eOSVXbcu9v

    @CyrilJovet

    1 Jul 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. CVE-2025-32462 Local Privilege Escalation via host option | Sudo https://t.co/2ZBFwsmVxc CVE-2025-32463 Local Privilege Escalation via chroot option | Sudo https://t.co/ktqrvfZEXM

    @autumn_good_35

    1 Jul 2025

    585 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  26. Two Sudo flaws (CVE-2025-32463 & CVE-2025-32462) allow local users full root via PoC. Critical privilege escalation vulnerabilities revealed by Stratascale CRU. #CyberSecurity #LinuxExploit #SudoVulnerability #PrivilegeEscalation #CVE2025 #PoC #RootAccess https://t.co/zbdErb

    @the_yellow_fall

    1 Jul 2025

    1642 Impressions

    14 Retweets

    23 Likes

    11 Bookmarks

    0 Replies

    1 Quote

  27. CVE-2025-32462 Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on uninten… https://t.co/lNRZSgLl81

    @CVEnew

    30 Jun 2025

    661 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  28. CVE-2025-32462 CVE-2025-32462 https://t.co/Xlz0yscI65

    @VulmonFeeds

    30 Jun 2025

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. CVE-2025-32462: sudo local privilege escalation via host option https://t.co/lWKMNbCHbc use sudoers rules for any host CVE-2025-32463: sudo local privilege escalation via chroot option https://t.co/r7suerSOWG leverage sudo's -R (--chroot) option to run arbitrary commands as root

    @oss_security

    30 Jun 2025

    28 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  30. ⚠️ Sudo flaw, it needs to be fixed quickly. CVE-2025-32462: a flaw in sudo allows local privilege escalation via the host option (V) TL;DR: A "Trust me bro, we're on another machine, run the command" type of flaw. (L) 👉 https://t.co/ey2EfBQ4JJ https

    @bearstech

    30 Jun 2025

    12661 Impressions

    69 Retweets

    167 Likes

    69 Bookmarks

    9 Replies

    3 Quotes

  31. I published blogs detailing two vulnerabilities I recently discovered in Sudo. Update to 1.9.17p1. CVE-2025-32462 - Sudo Host option Elevation of Privilege Vulnerability https://t.co/IrN1Yj8nGD CVE-2025-32463 - Sudo chroot Elevation of Privilege Vulnerability

    @0xm1rch

    30 Jun 2025

    12514 Impressions

    40 Retweets

    135 Likes

    65 Bookmarks

    5 Replies

    3 Quotes