I discovered two vulnerabilities in Sudo. Upgrade to Sudo 1.9.17p1 or later.
CVE-2025-32462 - Sudo Host Option Elevation of Privilege Vulnerability
CVE-2025-32462 has remained unnoticed for over 12 years, despite being present in the code all along. It relies on a specific yet common configuration where Sudo rules are restricted to certain hostnames or hostname patterns. If these conditions are met, privilege escalation to root requires no exploit.
- Write-up: Sudo Host Option Elevation of Privilege
- Advisories
- Sudo: https://www.sudo.ws/security/advisories/host_any/
- RedHat: https://access.redhat.com/security/cve/cve-2025-32462
- Ubuntu: https://ubuntu.com/security/notices/USN-7604-1
- Debian: https://lists.debian.org/debian-security-announce/2025/msg00118.html
- Amazon: https://explore.alas.aws.amazon.com/CVE-2025-32462.html
- Gentoo: https://bugs.gentoo.org/show_bug.cgi?id=CVE-2025-32462
CVE-2025-32463 - Sudo chroot Elevation of Privilege Vulnerability
CVE-2025-32463 The default Sudo configuration is vulnerable. Although the vulnerability involves the Sudo chroot feature, it does not require any Sudo rules to be defined for the user. As a result, any local unprivileged user could potentially escalate privileges to root if a vulnerable version is installed.
- Write-up: Sudo chroot Elevation of Privilege
- PoC Mirror: https://github.com/mirchr/CVE-2025-32463-sudo-chwoot/
- Advisories
- Sudo: https://www.sudo.ws/security/advisories/chroot_bug/
- RedHat: https://access.redhat.com/security/cve/cve-2025-32463
- Ubuntu: https://ubuntu.com/security/notices/USN-7604-1
- Debian: https://security-tracker.debian.org/tracker/CVE-2025-32463
- Amazon: https://explore.alas.aws.amazon.com/CVE-2025-32463.html
- Gentoo: https://bugs.gentoo.org/show_bug.cgi?id=CVE-2025-32463
Media References
- https://thehackernews.com/2025/07/critical-sudo-vulnerabilities-let-local.html
- https://www.helpnetsecurity.com/2025/07/01/sudo-local-privilege-escalation-vulnerabilities-fixed-cve-2025-32462-cve-2025-32463/
- https://cybersecuritynews.com/linux-sudo-chroot-vulnerability/
- https://cybernews.com/security/critical-linux-sudo-flaw-discovered/
- https://cyberpress.org/12-year-old-sudo-vulnerability/
- https://www.infosecurity-magazine.com/news/linux-users-urged-to-patch/
- https://gbhackers.com/12-year-old-sudo-vulnerability/
- https://www.redhotcyber.com/en/post/linux-pwned-privilege-escalation-on-sudo-in-5-seconds-hackerhood-tests-the-cve-2025-32463-exploit/
- https://thecyberwire.com/newsletters/daily-briefing/14/126