The Sudo utility has been identified as having two local privilege escalation vulnerabilities, CVE-2025-32462 and CVE-2025-32463. To mitigate these risks, it is recommended that Sudo be updated on Linux and macOS systems.
What is Sudo?
Sudo is a command-line utility found in Unix-like operating systems, allowing users with limited privileges to execute commands as another user, most often the root or administrator. It provides a way to grant temporary elevated privileges without requiring a user to log in as root. Users are authenticated with their password, and if permitted by the configuration file (/etc/sudoers
), The system executes the command.
Vulnerability Details
Rich Mirch of the Stratascale Cyber Research Unit reported both vulnerabilities.
- CVE-2025-32462: This is a low-severity elevation of privilege (EOP) vulnerability found in the Sudo host option. It has been present in Sudo’s code for over 12 years. The vulnerability lies in the fact that the
-h
or--host
option, intended for listing a user’s Sudo privileges on a different host, could be used when running commands or editing files, thus bypassing its intended restriction. This affects the stable (v1.9.0 – 1.9.17) and legacy (v1.8.8 – 1.8.32) versions of Sudo. - CVE-2025-32463: This is a critical-severity flaw affecting the Sudo chroot option. Local users could exploit it to gain root access. The vulnerability arises from a change introduced in Sudo v1.9.14, which allows an attacker to trick Sudo into loading an arbitrary shared library by creating a
/etc/nsswitch.conf
file under a user-specified root directory. This vulnerability impacts Sudo versions 1.9.14 to 1.9.17. Legacy versions are not affected as they lack the chroot feature.
Affected Platforms
These vulnerabilities can be exploited on popular Linux distributions, including Ubuntu, Fedora, Debian, and SUSE, as well as macOS Sequoia.
Impact and Exploit Potential
Successful exploitation of these vulnerabilities allows local users to escalate their privileges to root, gaining complete control over the affected system. CVE-2025-32462, in particular, requires no exploit under specific configurations, making it straightforward to leverage. CVE-2025-32463 allows attackers to load arbitrary shared libraries, leading to root access.
Tactics, Techniques, and Procedures (TTPs)
Local users exploit these vulnerabilities to achieve root access.
- TA0004 – Privilege Escalation: Exploiting the vulnerability to gain elevated permissions.
- T1068 – Exploitation for Privilege Escalation: Utilizing the Sudo flaws to escalate privileges to root.
Mitigation & Recommendations
To remediate these vulnerabilities, update Sudo to version 1.9.17p1.
Instantly Fix Risks with Saner Patch Management
Saner patch management is a continuous, automated, and integrated software that instantly fixes risks exploited in the wild. The software supports major operating systems like Windows, Linux, and macOS, as well as 550+ third-party applications.
It also allows you to set up a safe testing area to test patches before deploying them in a primary production environment. Saner patch management additionally supports a patch rollback feature in case of patch failure or a system malfunction.
Experience the fastest and most accurate patching software here.