CVE-2025-32463

Published Jun 30, 2025

Last updated a month ago

CVSS critical 9.3
sudo
chwoot

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-32463 is a vulnerability that affects Sudo versions 1.9.14 to 1.9.17 inclusive. It allows a local user to gain root access. This is possible because the `/etc/nsswitch.conf` file from a user-controlled directory is used with the `--chroot` option. An attacker can exploit this vulnerability by using Sudo's `-R` or `--chroot` option to execute arbitrary commands as root, even if they are not listed in the `sudoers` file. The vulnerability was fixed in Sudo version 1.9.17p1.

Description
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
Source
cve@mitre.org
NVD status
Modified
Products
sudo, ubuntu_linux, debian_linux, leap, enterprise_linux, linux_enterprise_desktop, linux_enterprise_real_time, linux_enterprise_server_for_sap

Insights

Analysis from the Intruder Security Team
Published Jul 2, 2025 Updated Jul 2, 2025

This is a serious local privilege escalation vulnerability in the sudo tool, which is present on most Unix systems. You should update this as soon as possible if your version is less than 1.9.14.

Exploiting this vulnerability requires an attacker to have access to the machine already - so it's most serious in environments where lower-privileged users routinely have access to systems. However, all vulnerable systems should be patched.

Risk scores

CVSS 3.1

Type
Primary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

cve@mitre.org
CWE-829

Social media

Hype score
Not currently trending

  1. #Linux #VulnerabilityReport Critical Sudo Flaw (CVE-2025-32463, CVSS 9.3): Root Privilege Escalation & Host Bypass, PoC Available https://t.co/USDDjcxsUR

    @Komodosec

    6 Aug 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🎧 New Episode: MALFUNKT1ON RADIO | EP03 – Sudo Secrets CVE-2025-32463 cracked open privilege escalation. We break it down, attacker-style. 🔗 Listen now: https://t.co/UpyeiZFril #OffSec #SudoExploit #CVE202532463 #RedTeam #Infosec #GodAccessLabs #Malfunkt1onRadio

    @GodAccessHQ

    6 Aug 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. I just performed a fresh offline install of Ubuntu Desktop 24.04.2, deliberately preventing any automatic updates during setup. Shortly after logging in, I discovered that my VM was vulnerable to CVE-2025-32463, a local privilege escalation flaw in sudo. https://t.co/fQE7uHdQZm

    @_Karrab

    31 Jul 2025

    85 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  4. 🚨 CRITICAL sudo flaws in #Mageia 9: CVE-2025-32463: Local → root escalation CVE-2025-32462: Unauthorized command execution ✅ Patch: sudo-1.9.17p1 ✅ Verify: sudo --version Read more: 👉https://t.co/SZmcNj2Pbr https://t.co/qPyhHjTAe1

    @Cezar_H_Linux

    26 Jul 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 ATENÇÃO 🚨 CHWOOT (CVE-2025-32463) explodiu nos radares: falha CRÍTICA no Sudo permite escalonamento para root via --chroot. ⚡ RESUMO DA AMEAÇA: - O que?: Vulnerabilidade no `sudo -R` que usa `/etc/nsswitch.conf` de diretório controlado pelo usuário. - Gr

    @romildothuf

    24 Jul 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. [Research] CVE-2025-32463 Into the 'sudo -R' https://t.co/6UwoOp47aT Hello, I'm poosic. This is my first research post! I've summarized the questions I had while analyzing the CVE-2025-32463: ‘sudo -R’ LPE vulnerability and my analysis of it! I hope it will be helpful for

    @hackyboiz

    21 Jul 2025

    2964 Impressions

    13 Retweets

    38 Likes

    8 Bookmarks

    0 Replies

    0 Quotes

  7. This is a PoC for CVE-2025-32463 — a local privilege escalation to root via sudo. What makes this PoC special is that it doesn’t require gcc to be installed on the target system — just clone and run! https://t.co/f9nVNLW7Mb https://t.co/N1pOrfCSI9

    @_Karrab

    20 Jul 2025

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. CVE-2025-32463 Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option. Github link: https://t.co/87wTMhHxJY

    @PoC_in_Github

    19 Jul 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. CVE-2025-32463 Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option. Github link: https://t.co/piU9vS6Gyo

    @PoC_in_Github

    19 Jul 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. CVE-2025-32463在Sudo v1.9.14(2023年6月)中引入(https://t.co/C8QW2WVgLW),在使用chroot功能时,更新了命令匹配处理代码。本文漏洞分析的sudo代码 commit 为: cb3355e9d4f66db642b9c0e9151423762504339b telegram 黑客技术联系:https://t.co/

    @CherylTarin2

    16 Jul 2025

    1581 Impressions

    0 Retweets

    11 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. #github pr0v3rbs/CVE-2025-32463_chwoot Stars: 260 Language: #Shell https://t.co/klaZn40E9g

    @githubgod

    16 Jul 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. تایپک های مهم که شاید از دست داده باشین - باگ Sudo به شدت خطرناک هست CVE-2025-32463 رو مطالعه کنید. - یک Termius که به تروجان آلوده هست برای Mac اومده که رو لینک زیر بیشتر ت

    @alisalehiman

    15 Jul 2025

    124 Impressions

    0 Retweets

    6 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. CVE-2025-32463 - Critical Sudo Vulnerability Patch now: → Update to sudo v1.9.17p1 → Rebuild affected base images → Audit for unusual sudoedit usage → Harden privilege boundaries with AppArmor or SELinux https://t.co/jxlQp8QWSa

    @ArnabRaha57

    15 Jul 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463) https://t.co/2424MrGTM7

    @linuxtoday

    14 Jul 2025

    3294 Impressions

    7 Retweets

    34 Likes

    2 Bookmarks

    1 Reply

    0 Quotes

  15. Breaking Out with chroot: CVE-2025-32463 in Sudo Just published a write-up on a newly disclosed local privilege escalation in sudo -R. Abuse chroot, hijack nsswitch, and get root 🪓👀 🔗 https://t.co/zt6tklifRB #Linux #ExploitDev #Sudo #CVE2025 #Infosec

    @vipa0z

    13 Jul 2025

    0 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  16. [1day1line] CVE-2025-32463: Local Privilege Escalation via chroot in sudo https://t.co/APo2gvYtaY Today’s 1day1line covers a local privilege escalation (LPE) vulnerability caused by the use of chroot in sudo.

    @hackyboiz

    12 Jul 2025

    727 Impressions

    4 Retweets

    12 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  17. CVE-2025-32463 no Sudo permitia escalada rodando sudo com opção --chroot em diretório controlado; parsing de nsswitch.conf era vulnerável e carregava configuração de chroot arbitrária, dando root ao usuário local.

    @hashtagsec

    11 Jul 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. https://t.co/nwqY1oM0VR Critical vulnerability in Linux tool sudo The critical security vulnerability CVE-2025-32463 affects the UNIX and Linux tool sudo and allows local, unprivileged users to gain root privileges. The Stratascale Cyber ​​Research Unit (CRU) team discovere

    @B2bCyber

    10 Jul 2025

    51 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. I did a Yocto Project/OE recipe as a proof of concept for CVE-2025-32463, or "sudo chroot". Yocto cve-check does not detect this CVE! https://t.co/pcX484QA4S #YoctoProject #OpenEmbedded #CVE2025 #EmbeddedLinux #LinuxDevelopment #SecurityResearch #CVECheck #SoftwareSecurity http

    @ReliableEmbSys

    10 Jul 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. Critical Sudo bugs expose major Linux distros to local Root exploits Two critical Sudo vulnerabilities (CVE-2025-32462 and CVE-2025-32463) allow local users to escalate privileges to root on Linux systems. CVE-2025-32462 misuses the "--host" option, enabling users to run

    @dCypherIO

    7 Jul 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. Recently, two major vulnerabilities in the sudo command-line for Unix and Linux OSs were discovered. The issue is that a local user can get root privileges. Description of the vulnerabilities - CVE-2025-32463. The root access can be received because "/etc/nsswitch.conf" #Linux h

    @hostzealot

    7 Jul 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. CVE-2025-32462 & CVE-2025-32463 are local privilege escalation flaws in Sudo. CVE-32463 (CVSS 9.3) allows any user to gain root using --chroot and a crafted /etc/nsswitch.conf. Default installs are affected. Patch to Sudo 1.9.17p1 now. #Sudo #CVE2025 #Linux https://t.co/I

    @CloneSystemsInc

    7 Jul 2025

    59 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  23. 🚨 Two critical #Sudo flaws (CVE-2025-32462 & CVE-2025-32463) allow local users to gain root on Linux systems. 🛡️ Update to v1.9.17p1 ⚠️ Shared sudoers configs = vulnerable 🔎 Exploits via host & chroot options Patch fast. Stay sharp. #CyberSecurity #Linux h

    @Samuel257196756

    7 Jul 2025

    69 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  24. CVE-2025-32463: Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option. https://t.co/HOstBxoOuY

    @ZeroDayFacts

    7 Jul 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. CVE-2025-32463, the sudo chroot vulnerability in many Linux distros, broke last week. In this video, we'll understand what happens, how it leads to root, and exploit it in a vulnerable Docker container. https://t.co/BoiIkUGenK

    @0xdf_

    6 Jul 2025

    14269 Impressions

    60 Retweets

    189 Likes

    103 Bookmarks

    1 Reply

    1 Quote

  26. 🚨 Exploiting and Mitigating #CVE-2025-32463: A Deep Dive into #Linux Sudo Privilege Escalation https://t.co/fZB0ALG955 Educational Purposes!

    @UndercodeUpdate

    6 Jul 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. #exploit 1⃣ CVE-2025-48703: RCE in CentOS Web Panel - https://t.co/nugC3SZEEk 2⃣ CVE-2025-31200: Zero-click RCE vulnerability in Apple's iOS 18.x - https://t.co/og6oEa6nmj 3⃣ CVE-2025-32463: Escalation of Privilege to the root through sudo binary with chroot option -

    @ksg93rd

    6 Jul 2025

    1193 Impressions

    3 Retweets

    29 Likes

    9 Bookmarks

    0 Replies

    0 Quotes

  28. Critical Sudo Vulnerability (CVE-2025-32463): Immediate Action Required! A critical Local Privilege Escalation (LPE) vulnerability, CVE-2025-32463, has been identified in sudo versions 1.9.14 through 1.9.17. https://t.co/pqhNCgAYtf

    @iampopg

    6 Jul 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  29. pr0v3rbs/CVE-2025-32463_chwoot CVE-2025-32463 – sudo chroot ("chwoot") PoC https://t.co/Gut5ygLxQB

    @tdatwja

    5 Jul 2025

    270 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  30. 의외로 Linux 명령어도 개별 버전이 존재한다. 최근 발견된 CVE-2025-32463은 sudo 명령어를 통한 권한 상승(LPE) 취약점으로, 악성 공유 라이브러리를 생성하여 명령어를 통해 실행되도록 해 루트 권한을 탈취한다. sudo

    @ssogari_dev

    5 Jul 2025

    1961 Impressions

    8 Retweets

    15 Likes

    5 Bookmarks

    2 Replies

    1 Quote

  31. ⚠️ Another up-to-date CVE is on LetsDefend again, as always. Local Privilege Escalation via chroot CVE-2025-32463 is a critical local privilege escalation flaw in Sudo (v1.9.14–1.9.17) allowing attackers to gain root by exploiting the --chroot (-R) option to load malici

    @LetsDefendIO

    5 Jul 2025

    2509 Impressions

    4 Retweets

    29 Likes

    10 Bookmarks

    0 Replies

    0 Quotes

  32. محققان دو آسیب‌پذیری امنیتی در ابزار خط فرمان Sudo برای سیستم‌عامل‌های لینوکس و یونیکس کشف کرده‌اند که می‌تواند مهاجمان را قادر به ارتقای دسترسی خود به

    @Teeegra

    5 Jul 2025

    840 Impressions

    0 Retweets

    22 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  33. J'ai testé un PoC de la CVE-2025-32463 sur 𝘀𝘂𝗱𝗼, et boom 💥 root en 1 commande, LPE efficace 👌 Testé sur Fedora 42 sans conf particulière du sudoers, et toujours pas de patch sur redhat, curieux que personne ne panique plus que ça ▶️ Pour tester : https

    @BarbossHack

    4 Jul 2025

    425 Impressions

    2 Retweets

    4 Likes

    5 Bookmarks

    2 Replies

    2 Quotes

  34. ⚠️ Deux failles critiques dans sudo menacent la sécurité des machines Linux Les vulnérabilités CVE-2025-32462 et CVE-2025-32463 permettent une élévation de privilèges en local, exploitant le fonctionnement même de sudo ➡️ https://t.co/DNggJLD99H #Linux https://

    @ITConnect_fr

    4 Jul 2025

    658 Impressions

    2 Retweets

    9 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  35. 🚨 CVE-2025-32463 trên Debian 11/12 & Ubuntu 24.04. Exploits are active. 𝚊𝚙𝚝-𝚐𝚎𝚝 𝚞𝚙𝚍𝚊𝚝𝚎 && 𝚊𝚙𝚝-𝚐𝚎𝚝 𝚒𝚗𝚜𝚝𝚊𝚕𝚕 𝚜𝚞𝚍𝚘 https://t.co/wP2uL9QkkH

    @vutruso

    4 Jul 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. 🚨 ALERT! CVE-2025-32463 Bug sudo berbahaya di Debian 11/12 & Ubuntu 24.04 bisa kasih akses root penuh! Eksploit aktif beredar. Jangan tunggu disusupi! 🔧 Segera update sekarang juga: apt-get update && apt-get install sudo Lindungi server-mu sebelum terlambat!

    @_4dinata

    4 Jul 2025

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. Sudo’s chroot Vulnerability CVE-2025-32463 PoC https://t.co/47s3h86FLe

    @t31m0

    3 Jul 2025

    1057 Impressions

    6 Retweets

    18 Likes

    9 Bookmarks

    0 Replies

    0 Quotes

  38. 🚨**Linux Sudo Vulnerabilities: CVE-2025-32463** 🚨 Heads-up, Critical Sudo flaws are putting you at risk. Patch now; "https://t.co/zBfB1f0Qvi" #Cybersecurity #SudoVuln #CVE202532463

    @CWatsonbar79259

    3 Jul 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. CVE-2025-32463: Critical Sudo Vulnerability Put Linux Servers at Risk #LinuxSecurity #CVE202532463 #SudoVulnerability #PatchNow #CyberSecurity #PrivilegeEscalation #OpenSourceSecurity #SysAdmin #InfoSec https://t.co/kn0IFzo3DE

    @cyashadotcom

    3 Jul 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. 🚨 CVE-2025-32463 — sudo vuln allows root access on Debian 11/12 & Ubuntu 24.04. Exploits active. Update sudo now (run as root): 𝚊𝚙𝚝-𝚐𝚎𝚝 𝚞𝚙𝚍𝚊𝚝𝚎 && 𝚊𝚙𝚝-𝚐𝚎𝚝 𝚒𝚗𝚜𝚝𝚊𝚕𝚕 𝚜𝚞𝚍𝚘 Secur

    @CloudKodu12528

    3 Jul 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. 🚨 CVE-2025-32463 — sudo vuln giving root access on Debian 11/12 & Ubuntu 24.04. Exploits are active. Fix now: 𝚊𝚙𝚝-𝚐𝚎𝚝 𝚞𝚙𝚍𝚊𝚝𝚎 && 𝚊𝚙𝚝-𝚐𝚎𝚝 𝚒𝚗𝚜𝚝𝚊𝚕𝚕 𝚜𝚞𝚍𝚘 We track these threats s

    @fastpanel_news

    3 Jul 2025

    63 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  42. 🔴 Critical Sudo Vulnerability – CVE-2025-32463 A newly disclosed vulnerability affects default Sudo configurations (v1.9.14–1.9.17). It allows any local unprivileged user to escalate privileges to root, by abusing the chroot feature. Full details: https://t.co/pMCTVEnhZr

    @OtmaneTalhaoui

    3 Jul 2025

    64 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  43. CVE-2025-32463: Local Privilege Escalation via sudo -R NSS Injection https://t.co/eROJVZoPHr https://t.co/1y3JmS5QcI

    @cyber_advising

    3 Jul 2025

    1702 Impressions

    6 Retweets

    20 Likes

    7 Bookmarks

    0 Replies

    1 Quote

  44. 🚨 CRITICAL: Two Sudo vulnerabilities (CVE-2025-32462 & CVE-2025-32463) allow ANY local user to gain root access on Linux systems. Millions of servers at risk. One flaw hid undetected for 12 YEARS. Patch to 1.9.17p1 NOW. https://t.co/GFh7BduBUm #InfoSec #Linux #CyberSecuri

    @cyberkendra

    3 Jul 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. Linux 環境で広く利用されている「sudo」でchrootの脆弱性(CVE-2025-32463)、非特権ユーザーがroot権限を取得可能に #セキュリティ対策Lab #セキュリティ #Security https://t.co/kHBnalI4kq

    @securityLab_jp

    3 Jul 2025

    104 Impressions

    1 Retweet

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. ⚠️ اگه نسخه #sudo سرورت بین 1.9.14 تا 1.9.17 هست، سریعاً آپدیتش کن! یه باگ امنیتی خطرناک (CVE-2025-32463) توی قابلیت chroot پیدا شده که می‌تونه بدون نیاز به رمز، دسترسی root ب

    @Linuxmaster14

    2 Jul 2025

    18189 Impressions

    14 Retweets

    164 Likes

    70 Bookmarks

    5 Replies

    1 Quote

  47. هرچه زودتر sudo را در سرورهای خودتون به روز رسانی کنید اسیب پذیری CVE-2025-32463 امده است که به کاربران غیر روت اجازه میده با اجرا یک فایل تبدیل به روت بشن https://t.co/11f

    @jstnimo

    2 Jul 2025

    38 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  48. Very interesting vuln in sudo! CVE-2025-32463 https://t.co/IMccWdtwj8

    @kat_ish_

    2 Jul 2025

    51 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  49. CVE-2025-32463 An attacker can leverage sudo’s -R (--chroot) option to run arbitrary commands as root, even if they are not listed in the sudoers file. Sudo versions 1.9.14 to 1.9.17 inclusive are affected. PoC: - https://t.co/aWjbr7INTH

    @LostN3rd

    2 Jul 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  50. CVE-2025-32463対策やっておかなきゃね!とおもったけど22.04LTSだったから影響ないですね(迫るEOLと原因となっているあれこれの24対応の遅さ) https://t.co/SIGKzEuzdY

    @mogmod

    2 Jul 2025

    192 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.