CVE-2025-32462 , CVE-2025-32463 Sudo chroot, host Option Elevation of Privilege Vulnerabilities

I discovered two vulnerabilities in Sudo. Upgrade to Sudo 1.9.17p1 or later.

CVE-2025-32462 - Sudo Host Option Elevation of Privilege Vulnerability

CVE-2025-32462 has remained unnoticed for over 12 years, despite being present in the code all along. It relies on a specific yet common configuration where Sudo rules are restricted to certain hostnames or hostname patterns. If these conditions are met, privilege escalation to root requires no exploit.

• Write-up: Sudo Host Option Elevation of Privilege

• Advisories
  • Sudo: https://www.sudo.ws/security/advisories/host_any/
  • RedHat: https://access.redhat.com/security/cve/cve-2025-32462
  • Ubuntu: https://ubuntu.com/security/notices/USN-7604-1
  • Debian: https://lists.debian.org/debian-security-announce/2025/msg00118.html
  • Amazon: https://explore.alas.aws.amazon.com/CVE-2025-32462.html
  • Gentoo: https://bugs.gentoo.org/show_bug.cgi?id=CVE-2025-32462

CVE-2025-32463 - Sudo chroot Elevation of Privilege Vulnerability

CVE-2025-32463 The default Sudo configuration is vulnerable. Although the vulnerability involves the Sudo chroot feature, it does not require any Sudo rules to be defined for the user. As a result, any local unprivileged user could potentially escalate privileges to root if a vulnerable version is installed.

• Write-up: Sudo chroot Elevation of Privilege
• PoC Mirror: https://github.com/mirchr/CVE-2025-32463-sudo-chwoot/
• Advisories
  • Sudo: https://www.sudo.ws/security/advisories/chroot_bug/
  • RedHat: https://access.redhat.com/security/cve/cve-2025-32463
  • Ubuntu: https://ubuntu.com/security/notices/USN-7604-1
  • Debian: https://security-tracker.debian.org/tracker/CVE-2025-32463
  • Amazon: https://explore.alas.aws.amazon.com/CVE-2025-32463.html
  • Gentoo: https://bugs.gentoo.org/show_bug.cgi?id=CVE-2025-32463

Media References

• https://thehackernews.com/2025/07/critical-sudo-vulnerabilities-let-local.html
• https://www.helpnetsecurity.com/2025/07/01/sudo-local-privilege-escalation-vulnerabilities-fixed-cve-2025-32462-cve-2025-32463/
• https://cybersecuritynews.com/linux-sudo-chroot-vulnerability/
• https://cybernews.com/security/critical-linux-sudo-flaw-discovered/
• https://cyberpress.org/12-year-old-sudo-vulnerability/
• https://www.infosecurity-magazine.com/news/linux-users-urged-to-patch/
• https://gbhackers.com/12-year-old-sudo-vulnerability/
• https://www.redhotcyber.com/en/post/linux-pwned-privilege-escalation-on-sudo-in-5-seconds-hackerhood-tests-the-cve-2025-32463-exploit/
• https://thecyberwire.com/newsletters/daily-briefing/14/126