CVE-2025-32463: Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability

Published Jun 24, 2025
·
Updated

An attacker can leverage sudo's -R (--chroot) option to run arbitrary commands as root, even if they are not listed in the sudoers file. Sudo versions 1.9.14 to 1.9.17 inclusive are affected.

Other sources

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

NVD

Sudo contains an inclusion of functionality from untrusted control sphere vulnerability. This vulnerability could allow local attacker to leverage sudo’s -R (--chroot) option to run arbitrary commands as root, even if they are not listed in the sudoers file.

CISA

Affected Software

21 affected componentsFixes available
Sudo Sudo<1.9.17p1
Sudo Sudo
Sudo Project Sudo>=1.9.14<1.9.17
Sudo Project Sudo=1.9.17
Canonical Ubuntu Linux=22.04
Canonical Ubuntu Linux=24.04
Canonical Ubuntu Linux=24.10
Canonical Ubuntu Linux=25.04
Debian Debian Linux=11.0
Debian Debian Linux=12.0
Debian Debian Linux=13.0
openSUSE Leap=15.6
redhat Enterprise Linux=10.0
SUSE Linux Enterprise Desktop=15-sp6
SUSE Linux Enterprise Desktop=15-sp7
SUSE Linux Enterprise Real Time=15.0-sp2
SUSE Linux Enterprise Real Time=15.0-sp6
SUSE Linux Enterprise Real Time=15.0-sp7
SUSE Linux Enterprise Server For Sap=12-sp6
SUSE Linux Enterprise Server For Sap=12-sp7
debian/sudo
1.9.5p2-3+deb11u11.9.5p2-3+deb11u41.9.13p3-1+deb12u41.9.13p3-1+deb12u21.9.16p2-3+deb13u21.9.17p2-7

Remediation

Information

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Event History

Jun 24, 2025
Data Sourced
via Red Hat·09:27 PM
DescriptionSeverityAffected Software
Jun 30, 2025
CVE Published
via MITRE·12:00 AM
Data Sourced
via MITRE·12:00 AM
DescriptionSeverityWeakness
Data Sourced
via NVD·09:15 PM
DescriptionSeverityWeaknessAffected Software
Jul 8, 2025
Exploit Published
12:00 AM
Aug 6, 2025
Data Sourced
via Launchpad·08:44 PM
Description
Sep 29, 2025
Known Exploited
via CISA·12:00 AM
Data Sourced
via CISA·12:00 AM
RemedyDescriptionAffected Software
Sep 30, 2025
News Published
via BleepingComputer·01:42 PM
News Published
via BleepingComputer·01:44 PM
Oct 1, 2025
Data Sourced
via Ubuntu·04:03 AM
RemedyDescriptionSeverityAffected Software
Jun 11, 2026
Data Sourced
via Debian·10:37 AM
DescriptionAffected Software
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2025-32463?

CVE-2025-32463 is considered a critical vulnerability due to its potential to allow local users to gain root access.

2

How do I fix CVE-2025-32463?

To mitigate CVE-2025-32463, update Sudo to version 1.9.17p1 or later.

3

Which versions of Sudo are affected by CVE-2025-32463?

Sudo versions prior to 1.9.17p1 are affected by CVE-2025-32463.

4

Can CVE-2025-32463 be exploited remotely?

No, CVE-2025-32463 is a local privilege escalation vulnerability requiring local access to exploit.

5

What systems are impacted by CVE-2025-32463?

CVE-2025-32463 impacts systems using vulnerable versions of Sudo, particularly those utilizing the --chroot option.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203