CVE-2025-32463

Published Jun 30, 2025

Last updated 18 hours ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-32463 is a vulnerability that affects Sudo versions 1.9.14 to 1.9.17 inclusive. It allows a local user to gain root access. This is possible because the `/etc/nsswitch.conf` file from a user-controlled directory is used with the `--chroot` option. An attacker can exploit this vulnerability by using Sudo's `-R` or `--chroot` option to execute arbitrary commands as root, even if they are not listed in the `sudoers` file. The vulnerability was fixed in Sudo version 1.9.17p1.

Description
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
Source
cve@mitre.org
NVD status
Received

Insights

Analysis from the Intruder Security Team
Published Jul 2, 2025 Updated Jul 2, 2025

This is a serious local privilege escalation vulnerability in the sudo tool, which is present on most Unix systems. You should update this as soon as possible if your version is less than 1.9.14.

Exploiting this vulnerability requires an attacker to have access to the machine already - so it's most serious in environments where lower-privileged users routinely have access to systems. However, all vulnerable systems should be patched.

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.3
Impact score
6
Exploitability score
2.5
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

cve@mitre.org
CWE-829

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

72

  1. CVE-2025-32463 An attacker can leverage sudo’s -R (--chroot) option to run arbitrary commands as root, even if they are not listed in the sudoers file. Sudo versions 1.9.14 to 1.9.17 inclusive are affected. PoC: - https://t.co/aWjbr7INTH

    @LostN3rd

    2 Jul 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-32463対策やっておかなきゃね!とおもったけど22.04LTSだったから影響ないですね(迫るEOLと原因となっているあれこれの24対応の遅さ) https://t.co/SIGKzEuzdY

    @mogmod

    2 Jul 2025

    135 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. "CVE-2025-32463: sudo local privilege escalation via chroot option" An attacker can leverage sudo's -R (--chroot) option to run arbitrary commands as root, even if they are not listed in the sudoers file. Sudo versions 1.9.14 to 1.9.17 affected. https://t.co/CIlFVA1GF5 #infosec

    @_hg8_

    2 Jul 2025

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-32463のPoCのやつシュッとrootとれてすごい

    @M_UNIVERSE

    2 Jul 2025

    75 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. ⚠️Google、Chromeのゼロデイ脆弱性CVE-2025-6554に対するセキュリティアップデートを公開 🔨Linuxコマンド「sudo」におけるローカル権限昇格の脆弱性が修正される(CVE-2025-32462、CVE-2025-32463) 〜サイバーアラート

    @MachinaRecord

    2 Jul 2025

    113 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Critical #Linux flaw CVE-2025-32463 in sudo allows privilege escalation. Patch now. Full details: https://t.co/AsnLRLj8d4 #CyberSecurity #CVE202532463

    @CybersecSntl

    2 Jul 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🚨 Detecting Sudo --chroot Abuse in #Microsoft Sentinel Using KQL (#CVE-2025-32463) https://t.co/q1mqQs1pQf Educational Purposes!

    @UndercodeUpdate

    2 Jul 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. GitHub - pr0v3rbs/CVE-2025-32463_chwoot: sudo Local Privilege Escalation CVE-2025-32463 - https://t.co/5yEGxP967f

    @piedpiper1616

    2 Jul 2025

    1960 Impressions

    28 Retweets

    35 Likes

    13 Bookmarks

    0 Replies

    1 Quote

  9. CVE-2025-32463: Sudo chroot Elevation of Privilege https://t.co/Aw65SsVF0s

    @minamijoyo

    2 Jul 2025

    57 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. CVE-2025-32463: sudo local privilege escalation via chroot option https://t.co/AB2bm9RVKU https://t.co/1wNYyBYbh5

    @secharvesterx

    2 Jul 2025

    93 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. なんか朝からCVE-2025-32463とかいうやばい情報流れてきてワロエナイ

    @_Sora_Engineer

    1 Jul 2025

    100 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  12. CVE-2025-32463: sudo local privilege escalation via chroot option https://t.co/oRX67NJrHY

    @jedisct1

    1 Jul 2025

    269 Impressions

    2 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  13. 👀 CVE-2025-32463: sudo local privilege escalation via chroot option. https://t.co/XaCA4VQgJ8

    @hahwul

    1 Jul 2025

    62 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Sudoに重大(Critical)な脆弱性。CVE-2025-32463はCVSSスコア9.3で、chroot (-R)オプションの処理における不備。sudoersファイルの評価前にchroot内でパスの解決を開始するため、偽の/etc/nsswitch.confを読み込ませることでrootで

    @__kokumoto

    1 Jul 2025

    8289 Impressions

    65 Retweets

    142 Likes

    53 Bookmarks

    0 Replies

    1 Quote

  15. CVE-2025-32463 – Sudo EOP Exploit https://t.co/qZukw0SJXP

    @TheHackerWire

    1 Jul 2025

    26 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  16. Linux Sudo chroot Vulnerability Enables Hackers to Elevate Privileges to Root (CVE-2025-32463) https://t.co/iktwtkTFhK #patchmanagement

    @eyalestrin

    1 Jul 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. CVE-2025-32463, CVSS: 9.3 - รุ่นซูโด 1.9.14 ถึง 1.9.17 ช่องโหว่ช่วยให้ผู้ใช้ในท้องถิ่นสามารถเข้าถึงรากผ่านตัวเลือก --chroot เนื่อ

    @freedomhack101

    1 Jul 2025

    91 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463) https://t.co/yOg3nsZOap #HelpNetSecurity #Cybersecurity https://t.co/6AxLVFl5OZ

    @PoseidonTPA

    1 Jul 2025

    84 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463) https://t.co/rgS4Kk6HWz

    @TheCyberSecHub

    1 Jul 2025

    2027 Impressions

    6 Retweets

    12 Likes

    3 Bookmarks

    0 Replies

    1 Quote

  20. Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463) https://t.co/BAnFds6cr8 https://t.co/NjgKeTHT4n

    @evanderburg

    1 Jul 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. cve-2025-32463の実証をDockerでやろうと思ったのだが、なぜかうまくいかないなあ。

    @5ftwtf

    1 Jul 2025

    70 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. LinuxのSudoにおける重大な脆弱性CVE-2025-32463が公表された。Sudo 1.9.14〜1.9.17に存在し、非特権ユーザーがroot権限を取得可能となる。

    @yousukezan

    1 Jul 2025

    59120 Impressions

    248 Retweets

    515 Likes

    254 Bookmarks

    2 Replies

    12 Quotes

  23. ⚠️ Linux Sudo chroot Vulnerability Enables Hackers to Elevate Privileges to Root - PoC Released Read more: https://t.co/bbuG5Ultq2 👉 CVE-2025-32463 affects Sudo versions 1.9.14-1.9.17, enabling privilege escalation to root. 👉 Exploitation uses the chroot option (-R)

    @The_Cyber_News

    1 Jul 2025

    782 Impressions

    1 Retweet

    7 Likes

    5 Bookmarks

    0 Replies

    0 Quotes

  24. CVE-2025-32462 Local Privilege Escalation via host option | Sudo https://t.co/2ZBFwsmVxc CVE-2025-32463 Local Privilege Escalation via chroot option | Sudo https://t.co/ktqrvfZEXM

    @autumn_good_35

    1 Jul 2025

    585 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  25. Two Sudo flaws (CVE-2025-32463 & CVE-2025-32462) allow local users full root via PoC. Critical privilege escalation vulnerabilities revealed by Stratascale CRU. #CyberSecurity #LinuxExploit #SudoVulnerability #PrivilegeEscalation #CVE2025 #PoC #RootAccess https://t.co/zbdErb

    @the_yellow_fall

    1 Jul 2025

    1642 Impressions

    14 Retweets

    23 Likes

    11 Bookmarks

    0 Replies

    1 Quote

  26. oh no 🟥 CVE-2025-32463, CVSS: 9.3 (#Critical) #Sudo version 1.9.14 to 1.9.17 #Vulnerability allows local users to gain root access via the --chroot option due to improper handling of /etc/nsswitch.conf. #CyberSecurity #CVE #PrivilegeEscalation https://t.co/nYZy5HjHkh ht

    @UjlakiMarci

    30 Jun 2025

    40285 Impressions

    188 Retweets

    543 Likes

    310 Bookmarks

    5 Replies

    12 Quotes

  27. CVE-2025-32463 Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option. https://t.co/y2GBVhrm7y

    @CVEnew

    30 Jun 2025

    190 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. [CVE-2025-32463: CRITICAL] Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.#cve,CVE-2025-32463,#cybersecurity https://t.co/bT7sB4W1WH https://t.co/Ea3Js47qMf

    @CveFindCom

    30 Jun 2025

    139 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. CVE-2025-32462: sudo local privilege escalation via host option https://t.co/lWKMNbCHbc use sudoers rules for any host CVE-2025-32463: sudo local privilege escalation via chroot option https://t.co/r7suerSOWG leverage sudo's -R (--chroot) option to run arbitrary commands as root

    @oss_security

    30 Jun 2025

    28 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  30. #grsecurity users are unaffected by CVE-2025-32463 (sudo chroot option privesc) when a feature available since 2021 is enabled. Customers can view our KB article on an earlier vulnerability this year, CVE-2025-4802 for glibc, to see how exploitation is prevented in the same way.

    @grsecurity

    30 Jun 2025

    2339 Impressions

    6 Retweets

    23 Likes

    6 Bookmarks

    0 Replies

    0 Quotes

  31. I published blogs detailing two vulnerabilities I recently discovered in Sudo. Update to 1.9.17p1. CVE-2025-32462 - Sudo Host option Elevation of Privilege Vulnerability https://t.co/IrN1Yj8nGD CVE-2025-32463 - Sudo chroot Elevation of Privilege Vulnerability

    @0xm1rch

    30 Jun 2025

    12514 Impressions

    40 Retweets

    135 Likes

    65 Bookmarks

    5 Replies

    3 Quotes